Protecting Against Attacks
Request Timeout — You can use this setting to limit how much time a request can run on the ECS.
The default is 5 minutes. For a trusted location in which you do not want authors to be able to
use too many ECS resources, you can set this value to a small number (such as a few seconds).
Maximum Workbook Size — This setting limits the size of the workbook on disk that can be
loaded to the ECS. A large workbook has an adverse impact on the ECS performance in terms of
I/O, CPU, and memory consumption. The default size is 10MB. For a trusted location whose authors
you trust less, you should reduce this value.
Maximum Chart Size — This setting limits the maximum size of a chart image. Resources on the
ECS are used to create and cache large charts, and resources on the network between the ECS
and the WFE, and between the WFE and the client, are used to transport them. You can reduce
this setting to prevent a malicious user from publishing a workbook with huge charts.
Volatile Function Cache Lifetime — Use this setting to bound the cost of a workbook that an attacker
fills with volatile formulas and resource-intensive calculations. The default is 5 minutes, which means
that once the workbook has been calculated, opening it again within 5 minutes serves the cached
result instead of recalculating, even if the workbook contains volatile functions such as NOW.
Workbook Calculation Mode — Set this to Manual to prevent calculation of the workbook on open.
This way, you can allow some users to publish static workbooks (which do not require
calculation) to a trusted location. Static workbooks are relatively cheap in terms of resources, because
they do not require calculation and they cache well. Combining Manual calculation mode with Web Part
properties that disable interactivity and with restricted external data access lets you enforce that
only static workbooks are served from that location.
Allow External Data — Set this value to None to prevent workbooks in a trusted location from
accessing any external data. Workbooks that access external data can use a lot of resources, both
on the ECS and on the database server. A value of None prevents the attacker from using
external data as a way to deny service. This setting works well with the Manual workbook
calculation mode to enforce static workbooks.
External Data Cache Lifetime — Use this setting to limit how often refresh requests for external data
turn into real queries against the data source. Queries to databases are expensive and can result
in a denial of service on Excel Services or the database. The default value for the external data
cache lifetime is 5 minutes. This means that, by default, after a refresh has been performed, any
refresh operation to that data object in the workbook within the next 5 minutes is returned from
Maximum Concurrent Queries Per Session — Excel Calculation Services allows running multiple
queries in parallel to improve the user response time. To prevent a malicious user from creating
a workbook with a large number of data objects, all running in parallel, you should restrict the
maximum number of concurrent queries. The default value is 5 parallel queries per workbook,
and you can reduce this value further for less trusted locations.
Allow User-Defined Functions — UDFs can run code on the server. When used inefficiently, this
can result in a high usage of resources and denial of service. A malicious user can create a
workbook that contains a lot of expensive calls to a UDF. Allow UDFs only for highly trusted
To summarize this section, you should restrict the features and size of workbooks based on how much
you trust the authors who have Write permissions to each trusted location.
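The following script is an added example, not part of the original text, showing how the restrictions above can be applied together to one low-trust trusted location. It assumes the Excel Services PowerShell cmdlets introduced with SharePoint 2010 (New-SPExcelFileLocation, Set-SPExcelFileLocation, Get-SPExcelFileLocation); the 2007 release described on this page exposes the same settings only through Central Administration, so the parameter names below are the later cmdlet equivalents of the setting names used above. The site URL, the tightened values, and the single-service-application assumption are illustrative; the cmdlets express durations in seconds and sizes in MB.

```powershell
# Added example: lock down an Excel Services trusted location whose authors are only
# partially trusted. Assumes the SharePoint 2010/2013 cmdlets; values are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$app      = Get-SPExcelServiceApplication                     # assumes one Excel Services app
$location = "http://intranet.contoso.com/sites/reports/LowTrust"   # assumed URL

# Register the trusted location if it is not already present (children inherit the limits).
$existing = Get-SPExcelFileLocation -ExcelServiceApplication $app |
            Where-Object { $_.Address -eq $location }
if (-not $existing) {
    New-SPExcelFileLocation -ExcelServiceApplication $app -Address $location `
        -LocationType SharePoint -IncludeChildren:$true -Description "Low-trust authors" |
        Out-Null
}

# One parameter per setting discussed above, tightened relative to the stated defaults.
$lowTrust = @{
    ExcelServiceApplication                = $app
    Identity                               = $location
    RequestDurationMax                     = 30        # Request Timeout: default is 300 s
    WorkbookSizeMax                        = 2         # Maximum Workbook Size: default is 10 MB
    ChartAndImageSizeMax                   = 1         # Maximum Chart Size, in MB
    AutomaticVolatileFunctionCacheLifetime = 3600      # Volatile Function Cache Lifetime: default 300 s
    DefaultWorkbookCalcMode                = 'Manual'  # Workbook Calculation Mode: no calc on open
    ExternalDataAllowed                    = 'None'    # Allow External Data: none at all
    ManualExtDataCacheLifetime             = 3600      # External Data Cache Lifetime: default 300 s
    ConcurrentDataRequestsPerSessionMax    = 1         # Maximum Concurrent Queries Per Session: default 5
    UdfsAllowed                            = $false    # Allow User-Defined Functions: off
}
Set-SPExcelFileLocation @lowTrust

# Verify what the server actually stored before handing the location to authors.
Get-SPExcelFileLocation -ExcelServiceApplication $app -Identity $location |
    Format-List Address, RequestDurationMax, WorkbookSizeMax, ChartAndImageSizeMax,
                AutomaticVolatileFunctionCacheLifetime, DefaultWorkbookCalcMode,
                ExternalDataAllowed, ManualExtDataCacheLifetime,
                ConcurrentDataRequestsPerSessionMax, UdfsAllowed
```

Splatting the settings from one hashtable keeps each limit next to the setting name and default it corresponds to, and the final Get-SPExcelFileLocation confirms the effective configuration rather than trusting that the Set call succeeded silently. With ExternalDataAllowed set to None and the calculation mode set to Manual, the location serves static workbooks only, as the section describes.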