Instructor
Notes |
|
WSS V3 will only
load and run Web Parts that have been marked as safe controls in the
web.config file of the hosting WSS Web application. The motivation for why
WSS requires safe control entries has to do with defending against attacks.
For instance, think about a malicious individual who manages to get a
read\write connection to the content database. |
|
What if this person
uploaded or modified a .aspx file with an ASP.NET control or added a Web Part
into a Web part zone in order to conduct an attack. This attack can be defeat
by the fact that an administrator of the local Web server gets to specify the
exact set of ASP.NET controls and Web Parts that can be loaded on a Web
application by Web application basis. |