SharePoint problems

Started by PZ, March 15, 2010, 11:16:49 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

PZ

Quote from: GPFontaine on March 07, 2010, 07:18:48 PM
... While web code has always played a part in my career, my primary job is technology deployment and integration.

You don't by any chance know much about SharePoint?

GPFontaine

Quote from: PZ on March 15, 2010, 11:16:49 AM
Quote from: GPFontaine on March 07, 2010, 07:18:48 PM
... While web code has always played a part in my career, my primary job is technology deployment and integration.

You don't by any chance know much about SharePoint?
A little bit.  I had the opportunity to run a site for about 4 days and opted out because it was too rigid.  On May 12th, 2010 I'll re-evaluate and see if they started to add features such as wiki categories or hierarchy.

PZ

I've been doing SharePoint for about 3-4 years and have incorporated InfoPath forms nearly 2 years ago for a wide variety of purposes (I've converted nearly all of the forms in my administrative office to electronic now).  Now I've run into an issue that is evidently only solvable by editing the aspx.  Here's an example of an outrageous MS hole.  History: I built an InfoPath forms site in which general users have contributor rights.  I built filters so that each individual only sees forms that they personally have created, or have been assigned to them.  All works great - here's the problem:  The Actions menu still contains the Open in Windows Explorer link, which lets them not only open all of the submitted forms, but gives everyone unrestricted access.

The bonehead part - there is no way to deactivate that menu item, nor change permissions that allow it's display.

GPFontaine

Quote from: PZ on March 15, 2010, 05:24:10 PM
I've been doing SharePoint for about 3-4 years and have incorporated InfoPath forms nearly 2 years ago for a wide variety of purposes (I've converted nearly all of the forms in my administrative office to electronic now).  Now I've run into an issue that is evidently only solvable by editing the aspx.  Here's an example of an outrageous MS hole.  History: I built an InfoPath forms site in which general users have contributor rights.  I built filters so that each individual only sees forms that they personally have created, or have been assigned to them.  All works great - here's the problem:  The Actions menu still contains the Open in Windows Explorer link, which lets them not only open all of the submitted forms, but gives everyone unrestricted access.

The bonehead part - there is no way to deactivate that menu item, nor change permissions that allow it's display.
Gah... that sounds like a pain.  What version of Sharepoint?

Art Blade

indeed... does MS know of the problem?
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

PZ

Yes, MS is aware of the problem but they have not fixed it yet.  I'm using the latest version of WSS (services), but MS has not fixed anything yet I presume because this is an issue that is a bit unique.  My company has gone to MOSS portal, but the IT folks have not released full functionality to all the divisions yet.  The good part is that they have given me a dedicated blade server to experiment with, consequently I've managed to automate most of my operations.

I have managed to circumvent my problem by creating a shared page with a modified web part - need to use SharePoint Designer to do it though.  It was king of a pain to figure it out, but I now have it relatively safe from the casual user.  On the other hand, a hacker could find the security hole with relative ease.

Art Blade

Another shiny example of "outrageous programming"  >:( Considering that it is software used in companies, not a game played at home. And the costs for licensing it for a lot of people in a company... outrageous, that they don't fix it!
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

PZ

Absolutely - it is a serious security flaw and limits what I'm currently attempting to accomplish.  I found a workaround, but I spent a couple of days doing so, and shouldn't need to resort to modifying the aspx to do so, and I'm not even an IT guy!

GPFontaine

Quote from: PZ on March 16, 2010, 06:37:18 AMAbsolutely - it is a serious security flaw and limits what I'm currently attempting to accomplish.  I found a workaround, but I spent a couple of days doing so, and shouldn't need to resort to modifying the aspx to do so, and I'm not even an IT guy!
My feeling is that an open source product has every right to require further modification.  SharePoint however is NOT open source and therefore programming errors should be corrected with patches and not user hacks.  Your fix seems unreasonable, but adequate.  If I were you, I would make sure to get SharePoint 2010 beta and test it out.  See if the feature has been fixed.  If not, SCREAM as loud as you can about it during beta.  They usually will listen before it goes live.

PZ

Good point - I've an extra server that I use as a test machine, but unfortunately my current (business) installation is on a production server (which I don't have control of) and our IT guys are hesitant to implement beta versions.  However, SharePoint was implemented at my place due to my experimentation with early versions of WSS, so maybe there is a bit of hope on the horizon if I experiment with new technology.

Tags:
🡱 🡳

Similar topics (2)