Microsoft Office Tutorials and References
In Depth Information
Protecting Against Attacks
Elevation of Privilege
Elevation of privilege means that users gain higher permissions than they should have. For example, a
user tricks an administrator into getting more privileges.
This type of attack could be considered the worst kind, because someone who gains administrative
access can perform any of the other types of attacks.
Trust the Administrators
SharePoint has several levels of administration. There is central administration of the farm,
administration of the SSP level, and administration at the site level. When users have administrative powers, they
can do anything within their scope of control. The system will not limit any activities.
You need to be able to trust your administrators. You should educate them and expect them to do the
Not abuse their powers to perform any security attacks against the server.
Configure the server in a secure way to limit the attacks that others might attempt to perform
against the server.
Grant administrator rights to only those users who are as trusted as they are.
The general guideline is to not use an Unattended Account for external data access, and to define an
Unattended Account with low privileges. If you need to define an Unattended Account with higher
privileges, it is imperative that the account does not have permissions to the SharePoint content database.
If the Unattended Account has permissions to the content database, an attacker could create a workbook
that queries data from the content database and runs under the Unattended Account. With this method,
the attacker could work around the security model of the content database, possibly writing into it to
elevate his or her own privileges.
The administrator of Excel Services can deploy code that extends the built-in functionality of Excel
Services. The main types of extensibility are user-defined functions and data drivers.
UDFs are third-party code that can execute any commands. They run in the security context of the user
who is opening the workbook. As such, they are extremely dangerous when used incorrectly.
UDFs are not a threat category by themselves, but they can result in a number of issues, such as the
Tampering — A UDF can write data to a database with the credentials of the user who opened