Microsoft Office Tutorials and References
You can mitigate this threat by deploying well-designed UDFs and limiting who is allowed to author
workbooks that have UDFs. Here are some guidelines:
- When evaluating the UDFs that you are going to deploy to the server, ensure that the developers use sound security practices. As with any other software product, deploy security patches to the UDF's code.
- Ensure that the UDFs are designed to minimize the chances of malicious use. For example, a UDF that executes mathematical calculations on a range might limit the maximum size of the range. The UDF that writes to a database might take the database name and table name from a configuration file or registry key, rather than any arbitrary SQL command passed in as input.
- Limit the trusted locations that are allowed to run UDFs. Each trusted location has a setting called Allow User-Defined Functions, which is turned off by default. Turn it on only in trusted locations that are limited to a small number of trusted authors.
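
The two design guidelines above (cap the range size, take the database target from configuration) can be sketched as a managed UDF class. This is an added example, not code from the book or from Microsoft; the class name, the 10,000-cell cap, the "UdfLog" connection string, the "UdfLogTable" setting and the Value column are assumptions, as is the choice to keep the settings in the host process's .NET configuration file.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using Microsoft.Office.Excel.Server.Udf;

[UdfClass]
public class GuardedUdfs   // hypothetical class name
{
    // Assumed cap; size it to what the server can afford per call.
    private const int MaxCells = 10000;

    [UdfMethod]
    public double SumOfSquares(object[,] range)
    {
        // Reject oversized ranges before doing any work on them.
        if (range == null || range.Length > MaxCells)
            throw new ArgumentException("Range is empty or exceeds " + MaxCells + " cells.");
        double total = 0;
        foreach (object cell in range)
        {
            if (cell is double)   // empty and text cells are skipped
            {
                double v = (double)cell;
                total += v * v;
            }
        }
        return total;
    }

    [UdfMethod]
    public string RecordValue(double value)
    {
        // The target comes from administrator-controlled configuration,
        // never from an argument supplied by the workbook.
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["UdfLog"];
        string table = ConfigurationManager.AppSettings["UdfLogTable"];
        if (cs == null || table == null ||
            !Regex.IsMatch(table, @"^[A-Za-z_][A-Za-z0-9_]{0,62}$"))
            throw new InvalidOperationException("UDF logging target is not configured correctly.");
        using (var conn = new SqlConnection(cs.ConnectionString))
        using (var cmd = new SqlCommand("INSERT INTO [" + table + "] (Value) VALUES (@v)", conn))
        {
            // Workbook input reaches SQL only as a bound parameter.
            cmd.Parameters.AddWithValue("@v", value);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
        return "OK";
    }
}
```

The table name cannot be bound as a SQL parameter, which is why it is read from configuration and checked against a strict identifier pattern before it is placed in the statement.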
Data providers are the drivers that the ECS uses to connect to external data. A malicious user could publish a workbook that queries data from that provider. An attacker could use data providers to create a denial-of-service attack by doing the following:
- Convince the administrator to install a malicious driver that results in an attack when invoked. The attack could be denial of service, information disclosure, or tampering with data.
- Exploit a known security issue with the data provider, which could result in running arbitrary malicious code on the server in the security context of the user opening the workbook.
- Make calls to a data provider that is not well-designed for a robust server environment, which could use a significant amount of resources or lock the server threads and result in a denial of
As an administrator, you should do the following:
- Use the list of trusted data providers to limit which drivers can be called from Excel Services.
- As with any other software deployment, use only providers developed by trusted sources and install any relevant security patches.
- Limit the permissions to change these binaries to administrators.
In this chapter, you learned the following about Excel Services security:
- Users are authenticated via Windows Authentication (integrated, digest, or basic), Forms Authentication, or Anonymous.
- You can use SharePoint View Only permissions to allow viewing workbooks only on the server and prevent downloading them to the client. In addition to publishing only a subset of the items in the workbook, View Only permissions are a powerful tool for maintaining one version of the truth and protecting the intellectual property of the workbook model.