Allow UnsafeUpdates property | ansaurus

tags:

sharepoint2007

views:

18

answers:

2

Q:

Allow UnsafeUpdates property

Hi,

I have tried to write a code in object model using C#.Net for accessing a sharepoint list items and document library, I have to set allowunsafeupdates property to be true.

Is it massive security problem to the whole site..

Could anyone clarify this ...

+1 A:

Hi there.

Check out these articles:

http://hristopavlov.wordpress.com/2008/05/16/what-you-need-to-know-about-allowunsafeupdates/

http://hristopavlov.wordpress.com/2008/05/21/what-you-need-to-know-about-allowunsafeupdates-part-2/

They are a very thorough look at AllowUnsafeUpdates and might answers some question you have.

Cheers. Jas.

Jason Evans 2010-10-24 16:17:58

Thank you Jas, So we have to use carefully for our context to avoid cross scripting

Hari Gillala 2010-10-24 16:32:14

+1 A:

The biggest risk on setting SPSite.AllowUnsafeUpdates to true is in GET operations because it open your site to cross site scripting.

Have a look to this question for further details on using the true value within a safe pattern usage.

Lorenzo 2010-10-24 16:19:03

Thank you Lorenzo

Hari Gillala 2010-10-24 16:31:02

related questions

Using fields from a 'lookup-ed' sharepoint list

Sharepoint Conditional fields in Edit.aspx

Can we move SharePoint up in the site hierarchy?

Trimming DateTime format to Just Date format in CAML Query

How to have http module on fire events only for specific page types

Testing Workflow History Autocleanup

SharePoint Calendar List : Restrict entering second item with same From and To date

SharePoint - Custom Dataview - Link Rendering Issues

Why Does the Infopath 2007 Form Shows Error Message When Saving Repeating Table With More Than 60 Records?

Is there any good replacement for SharePoint Designer?

Whats the best way to create a Smart Part in SharePoint?

Howto get SharePoint version using object model

Sharepoint API - How to Upload files to Sharepoint Doc Library from ASP.NET Web Application

How to move documents from SharePoint 2003 to SharePoint 2007 with versioning?

Communicate with Document Library Browser Web Part

FileNotFoundException with the SPSite constructor. What's the problem?

Migrating MOSS 2007 from SQL 2000 to SQL 2005

Is it possible to attach a workflow to a task list on MOSS 2007?

Saving Word 2007 to MOSS gives never ending "Getting list of available content types..." dialog

MOSS 2007 Breadcrumb problem

Profile User DB error in WebPart

MOSS 2007 -- Invalid URL Exception SPSite.OpenWeb(...)

How can you hook a SharePoint 2007 feature into the Application_Start of a site?

Using ASP.Net 3.5 SP1 Routing with SharePoint 2007

How can I automate the process of deploying an InfoPath Form to SharePoint Server 2007?