Scenario 2 - Restrict all Sandbox Solutions to only those produced by corporate development teams!
This has got to be a massive requirement? How many large corporations would like to be able to roll out Sandbox Solutions, but are worried that any old WSP could be downloaded from the internet and placed on their farm? From a governance, control and security perspective this is huge!

So how can CKS:Sandbox help with this?
  • Solution ID Validation - One way is to set the default setting (in General Settings) to Block All and then add Validation Rules to "Allow" only the Solution IDs for your own WSPs. This would mean only specific WSP packages would be allowed in (which could also include authorised external ones if you so wanted?).
  • Public Key Token Validation - Another (perhaps more elegant?) solution would be to base it on Public Key Tokens. If the development teams consistently use the same strong name key (.snk) file for their projects, then all assemblies they produce will carry the same Public Key Token (as they are all signed with the same key). This means you could add a single validation rule (of type "Public Key Token" with the rule "Allow") and the project team could then produce whatever solutions they like, and they would always be "valid" when being activated by users (assuming there isn't another rule elsewhere which is blocking them).
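
To find the value for a Public Key Token rule, or to confirm that a package really was signed with the team's key, you can read the token from each assembly inside the WSP. The script below is an added example, not part of CKS:Sandbox; the parameter names `$WspPath` and `$ExpectedToken` are assumptions, and it relies on a WSP being a CAB archive that `expand.exe` can unpack.

```powershell
# Added example: list the Public Key Token of every assembly inside a WSP and
# compare it with the token used in the "Allow" validation rule.
# $WspPath and $ExpectedToken are hypothetical parameter names.
param(
    [Parameter(Mandatory = $true)][string]$WspPath,
    [Parameter(Mandatory = $true)][string]$ExpectedToken
)

$ErrorActionPreference = 'Stop'
$wsp  = (Resolve-Path $WspPath).Path

# A WSP is a CAB archive, so unpack it into a scratch folder.
$work = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $work | Out-Null

try {
    & expand.exe $wsp '-F:*' $work | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "expand.exe failed for $wsp" }

    $results = @(foreach ($dll in Get-ChildItem -Path $work -Recurse -Filter *.dll) {
        try {
            # Reads assembly metadata only; the assembly is not loaded or run.
            $name  = [System.Reflection.AssemblyName]::GetAssemblyName($dll.FullName)
            $bytes = $name.GetPublicKeyToken()
            if ($bytes -and $bytes.Length -gt 0) {
                $token = -join ($bytes | ForEach-Object { $_.ToString('x2') })
            } else {
                $token = '(unsigned)'          # no strong name at all
            }
        } catch [System.BadImageFormatException] {
            $token = '(not a managed assembly)'
        }

        New-Object PSObject -Property @{
            Assembly = $dll.Name
            Token    = $token
            Matches  = ($token -eq $ExpectedToken)   # -eq ignores case
        } | Select-Object Assembly, Token, Matches
    })

    $results
    $bad = @($results | Where-Object { -not $_.Matches })
    if ($bad.Count -gt 0) {
        Write-Warning "$($bad.Count) assembly(ies) do not carry token $ExpectedToken"
    }
}
finally {
    Remove-Item -Path $work -Recurse -Force
}
```

An assembly reported as `(unsigned)` or with a different token was not built with the shared .snk file, so a single "Allow" rule for that token would not cover it.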

Last edited Jul 8, 2011 at 10:33 AM by MartinHatch, version 2
