A list of common document types to use as metadata values for Document Type drop-down choices in SharePoint. A great addition to any site or type of organization.
An overview of what's available in SharePoint out of the box.
This slide deck is meant to shed some light on basic elements and features of SharePoint and explain to those who are new to Office 365 / SharePoint – what is possible as soon as you get your hands on the live SharePoint site. Enjoy!
Document Management in SharePoint without folders - Introduction to MetadataGregory Zelfond
Step-by-Step Guide to Document Management
in SharePoint. Part I – Introduction to Metadata
What’s wrong with Folders?
Intro to Metadata
Step-by-Step on how to setup SharePoint Metadata
SharePoint Tutorial and SharePoint Training - IntroductionGregory Zelfond
Are you new to SharePoint and want to learn more about it? You are in luck. This FREE SharePoint tutorial is an excellent resource and will let you learn SharePoint in no time. It explains in basic and non-technical terms what SharePoint is all about. With this tutorial, you will learn the following key concepts:
• SharePoint Sites
• SharePoint Pages
• SharePoint Web Parts
• SharePoint Views
• SharePoint Security
• SharePoint Navigation
Introduction to SharePoint Information ArchitectureGregory Zelfond
SharePoint Information Architecture is the art and science of organizing and labeling the content (documents, data, sites) to support findability and usability
A list of common document types to use as metadata values for Document Type drop-down choices in SharePoint. A great addition to any site or type of organization.
An overview of what's available in SharePoint out of the box.
This slide deck is meant to shed some light on basic elements and features of SharePoint and explain to those who are new to Office 365 / SharePoint – what is possible as soon as you get your hands on the live SharePoint site. Enjoy!
Document Management in SharePoint without folders - Introduction to MetadataGregory Zelfond
Step-by-Step Guide to Document Management
in SharePoint. Part I – Introduction to Metadata
What’s wrong with Folders?
Intro to Metadata
Step-by-Step on how to setup SharePoint Metadata
SharePoint Tutorial and SharePoint Training - IntroductionGregory Zelfond
Are you new to SharePoint and want to learn more about it? You are in luck. This FREE SharePoint tutorial is an excellent resource and will let you learn SharePoint in no time. It explains in basic and non-technical terms what SharePoint is all about. With this tutorial, you will learn the following key concepts:
• SharePoint Sites
• SharePoint Pages
• SharePoint Web Parts
• SharePoint Views
• SharePoint Security
• SharePoint Navigation
Introduction to SharePoint Information ArchitectureGregory Zelfond
SharePoint Information Architecture is the art and science of organizing and labeling the content (documents, data, sites) to support findability and usability
How to Manage Projects in SharePoint Using Out of the Box FeaturesGregory Zelfond
Learn how you can utilize SharePoint out of the box functionality to manage projects. 3 options are discussed: Office 365 Groups, Document sets and project sites. Also, what's available in terms of PMO-style dashboards and reporting capability.
SharePoint 5000 Item List view Threshold Checklist and Best PracticesGregory Zelfond
The following slides explain 10 unique ways (techniques) to overcome SharePoint 5000 item list view threshold. They represent best practices when working with large lists and document libraries in SharePoint.
When you start using SharePoint everyone says, "Don't use folders." If that is true, how do we organize and find our stuff we put into SharePoint? Metadata. In this session we will explore what metadata is, how to use it, and how to get our co-workers to use it. Recreate this demo when you get back to the office to win your users over to the metadata side. This demo works in SharePoint 2007, 2010 and 2013.
Key Take Aways:
•What is metadata
•When to use metadata
•Choices for metadata
•When to use folders
A slide deck to complement my 2-hour, FREE, on demand SharePoint Training available here: https://youtu.be/L--oAoZ5Juo
The following topics are covered in the course:
- How to Create Sites
- How to create proper site navigation
- How to change Look & Feel of the site
- How to manage security Security
- How to Edit Pages
- How to Add new pages
- How to create new web parts
- How to add web parts to a page
- How to add custom metadata
- How to create custom views on a list or a library
How to build an Intranet portal in SharePoint using out of the box featuresGregory Zelfond
This slide deck illustrates how you can use SharePoint to build your organization's Intranet Portal, complete with Project Sites, Department Sites. Document Management Repository, Employee Directory and more.
Slide Deck of the session "Introduction to SharePoint 2013 Out of the Box WebParts"
Date : 25 October 2014
Event : SPSEvents Washington DC Reston
Place : Microsoft Technology Center, 12012 Sunset Hills Road, Reston , Virginia USA 20190
Twitter Handle: #SPSDC
Office 365 Saturday 2013 - A guideline to structure your documents in SharePo...Jasper Oosterveld
A guideline to structure your documents in SharePoint Online 2013. Learn how to work with the SharePoint features to structure your documents in document libraries.
Don't Suck at SharePoint - Avoid the common mistakesBenjamin Niaulin
Recording: http://bit.ly/SeyVK8
How do you avoid the most common mistakes when using SharePoint, if you've never used it before?
What makes SharePoint so popular is also its worse enemy, it's easy to use. As a platform, it allows you to build whatever you want to help the organization. But for it to be successful, you need to avoid the common mistakes made.
As a consultant, I have unfortunately had a lot of experience seeing or even doing some of the things in SharePoint that lead to utter chaos or disaster. That's why I would like to share them with you this time, show you how to not suck at SharePoint.
In this webinar we'll discuss:
-A brief overview of SharePoint as a platform
-Common scenarios SharePoint is used for
-Things that have miserably failed
-Bad architecture
-Solutions and Best Practices when starting
So you have bought Office 365 licenses for your organization, switched everyone to Outlook online and now are ready to roll out the SharePoint “thing”. You make it to the default SharePoint page and your next step is… EXACTLY!!! Where do you start? Which site do you create first? How do you know which sites you need to create for your organization? How do you move gigabytes of files and folders to SharePoint online? This presentation will help answer all these questions you might have about migration to SharePoint. It talks about the phased methodology I have been using with my clients (which has been pretty successful!). It also explains in great detail each of the phases/components of the successful SharePoint implementation and migration.
A slide deck to complement my 2-hour, FREE, on demand SharePoint Training available here: https://youtu.be/mSVC08zbQ7M
The following topics are covered in the course:
- What is SharePoint, OneDrive and Office 365
- The concept of Sites, Pages and Web Parts
- How to upload and download documents from the document library
- How to share a document in SharePoint
- How to setup alerts to be notified of changes to your documents or content
- How to create your own views in a library or list
- The concept of Versioning, Check-in and Check-out
- The concept of Co-Authoring
- How to sync documents to your desktop via OneDrive
- How to sync Calendar, Tasks and Contacts to Outlook
- How to search for documents and items in SharePoint
- How to Export SharePoint information to Excel
Step by Step Guide on SharePoint External Sharing. The presentation explains how to share a site, folder, file with external users. How to configure and manage external sharing and manage external users
SharePoint Tips and Tricks you cannot live withoutGregory Zelfond
Don’t you just love it when you learn new things that make your life in SharePoint easier? This slide deck covers cool SharePoint tips and tricks that will save you time and make you look like a star!
Please reference the video with step by step instructions here: https://youtu.be/INUFaJHoX0o
SharePoint for Project Management (2016)wandersick
An introduction to SharePoint Online of Office 365 with a focus on project management.
In this presentation, I demonstrate SharePoint basics, creating a site, managing projects using SharePoint and misc. features. It is dedicated to my teacher, Mr. Leung, who encouraged me to present SharePoint to inspire fellow classmates on how to better manage their projects.
Main introduced features:
- SharePoint basics
- Creating sites (under OneDrive for Business)*
- Managing projects
*Note: Sites created this way are traditional Sites instead of the new style of Sites created by Office 365 Groups
Other introduced features:
- Co-Authoring
- Checking Out/In
- Version History
- Alerting
- Syncing with OneDrive for Business
- Site Mailbox (Discontinued. Available in Office 365 Groups at the time of writing)
- OneNote
- Modern UI and Classic UI
- Mobile Access
- Customizing Site Design
- User Management
- Sharing a SharePoint Site
- Wiki Page
- All Site Contents
How to Manage Projects in SharePoint Using Out of the Box FeaturesGregory Zelfond
Learn how you can utilize SharePoint out of the box functionality to manage projects. 3 options are discussed: Office 365 Groups, Document sets and project sites. Also, what's available in terms of PMO-style dashboards and reporting capability.
SharePoint 5000 Item List view Threshold Checklist and Best PracticesGregory Zelfond
The following slides explain 10 unique ways (techniques) to overcome SharePoint 5000 item list view threshold. They represent best practices when working with large lists and document libraries in SharePoint.
When you start using SharePoint everyone says, "Don't use folders." If that is true, how do we organize and find our stuff we put into SharePoint? Metadata. In this session we will explore what metadata is, how to use it, and how to get our co-workers to use it. Recreate this demo when you get back to the office to win your users over to the metadata side. This demo works in SharePoint 2007, 2010 and 2013.
Key Take Aways:
•What is metadata
•When to use metadata
•Choices for metadata
•When to use folders
A slide deck to complement my 2-hour, FREE, on demand SharePoint Training available here: https://youtu.be/L--oAoZ5Juo
The following topics are covered in the course:
- How to Create Sites
- How to create proper site navigation
- How to change Look & Feel of the site
- How to manage security Security
- How to Edit Pages
- How to Add new pages
- How to create new web parts
- How to add web parts to a page
- How to add custom metadata
- How to create custom views on a list or a library
How to build an Intranet portal in SharePoint using out of the box featuresGregory Zelfond
This slide deck illustrates how you can use SharePoint to build your organization's Intranet Portal, complete with Project Sites, Department Sites. Document Management Repository, Employee Directory and more.
Slide Deck of the session "Introduction to SharePoint 2013 Out of the Box WebParts"
Date : 25 October 2014
Event : SPSEvents Washington DC Reston
Place : Microsoft Technology Center, 12012 Sunset Hills Road, Reston , Virginia USA 20190
Twitter Handle: #SPSDC
Office 365 Saturday 2013 - A guideline to structure your documents in SharePo...Jasper Oosterveld
A guideline to structure your documents in SharePoint Online 2013. Learn how to work with the SharePoint features to structure your documents in document libraries.
Don't Suck at SharePoint - Avoid the common mistakesBenjamin Niaulin
Recording: http://bit.ly/SeyVK8
How do you avoid the most common mistakes when using SharePoint, if you've never used it before?
What makes SharePoint so popular is also its worse enemy, it's easy to use. As a platform, it allows you to build whatever you want to help the organization. But for it to be successful, you need to avoid the common mistakes made.
As a consultant, I have unfortunately had a lot of experience seeing or even doing some of the things in SharePoint that lead to utter chaos or disaster. That's why I would like to share them with you this time, show you how to not suck at SharePoint.
In this webinar we'll discuss:
-A brief overview of SharePoint as a platform
-Common scenarios SharePoint is used for
-Things that have miserably failed
-Bad architecture
-Solutions and Best Practices when starting
So you have bought Office 365 licenses for your organization, switched everyone to Outlook online and now are ready to roll out the SharePoint “thing”. You make it to the default SharePoint page and your next step is… EXACTLY!!! Where do you start? Which site do you create first? How do you know which sites you need to create for your organization? How do you move gigabytes of files and folders to SharePoint online? This presentation will help answer all these questions you might have about migration to SharePoint. It talks about the phased methodology I have been using with my clients (which has been pretty successful!). It also explains in great detail each of the phases/components of the successful SharePoint implementation and migration.
A slide deck to complement my 2-hour, FREE, on demand SharePoint Training available here: https://youtu.be/mSVC08zbQ7M
The following topics are covered in the course:
- What is SharePoint, OneDrive and Office 365
- The concept of Sites, Pages and Web Parts
- How to upload and download documents from the document library
- How to share a document in SharePoint
- How to setup alerts to be notified of changes to your documents or content
- How to create your own views in a library or list
- The concept of Versioning, Check-in and Check-out
- The concept of Co-Authoring
- How to sync documents to your desktop via OneDrive
- How to sync Calendar, Tasks and Contacts to Outlook
- How to search for documents and items in SharePoint
- How to Export SharePoint information to Excel
Step by Step Guide on SharePoint External Sharing. The presentation explains how to share a site, folder, file with external users. How to configure and manage external sharing and manage external users
SharePoint Tips and Tricks you cannot live withoutGregory Zelfond
Don’t you just love it when you learn new things that make your life in SharePoint easier? This slide deck covers cool SharePoint tips and tricks that will save you time and make you look like a star!
Please reference the video with step by step instructions here: https://youtu.be/INUFaJHoX0o
SharePoint for Project Management (2016)wandersick
An introduction to SharePoint Online of Office 365 with a focus on project management.
In this presentation, I demonstrate SharePoint basics, creating a site, managing projects using SharePoint and misc. features. It is dedicated to my teacher, Mr. Leung, who encouraged me to present SharePoint to inspire fellow classmates on how to better manage their projects.
Main introduced features:
- SharePoint basics
- Creating sites (under OneDrive for Business)*
- Managing projects
*Note: Sites created this way are traditional Sites instead of the new style of Sites created by Office 365 Groups
Other introduced features:
- Co-Authoring
- Checking Out/In
- Version History
- Alerting
- Syncing with OneDrive for Business
- Site Mailbox (Discontinued. Available in Office 365 Groups at the time of writing)
- OneNote
- Modern UI and Classic UI
- Mobile Access
- Customizing Site Design
- User Management
- Sharing a SharePoint Site
- Wiki Page
- All Site Contents
So You Want to Be a SharePoint Developer - SPS Utah 2015Ryan Schouten
This presentation was given at SharePoint Saturday Utah, February 28th, 2015. The full title was, So You Want To Be A SharePoint Developer, In ~60 minutes you can be a SharePoint Padawan. In this presentation I provide the basis to have a good foundation to start developing on SharePoint.
HTML from A to Z
HTML Basics : Basics-Semantic Elements-Attributes-Block and Inline Elements-Forms-Responsive Web Design-XHTML…..
HTML for Text Formatting : Text formatting-Links-Tables-Lists-Symbols-Space…
HTML Visuals and Media : Layout-Classes-Colors-Images-Multimedia…
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Why React Native as a Strategic Advantage for Startup Innovation.pdfayushiqss
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities among other benefits. This way, with React Native, developers can write code once and run it on both iOS and Android devices thus saving time and resources leading to shorter development cycles hence faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Security concerns in microsoft share point 2013
1. Security concerns in Microsoft SharePoint 2013
White Paper
July 2014
Introduction
When evaluating the using of a product, one of the first concerns for architects and managers is the security implementation. How secure is the data stored within the product?
The same applies to Microsoft’s best-selling product SharePoint. Is data secured in SharePoint? Are there any loop holes in the security implementation that will enable a hacker to steal or manipulate the data or bring down the SharePoint site?
I think data in SharePoint is not well secured. A hacker who has good knowledge about SharePoint can steal data from lists and document libraries including the users/groups and their permissions.
How security can be compromised in SharePoint?
One of the ways data in lists and document libraries in SharePoint can be modified is through SharePoint Web Services. The following URL points to the list of web services available that can be used to manipulate/administer data in SharePoint.
http://msdn.microsoft.com/en-us/library/office/jj193051(v=office.15).aspx
One of the web services in that list is the “WebSvcLists”. MSDN mentions as below about this web service –
The Lists Web service provides methods for working with SharePoint lists, content types, list items, and files.
To access this Web service set a Web reference to http://<site>/_vti_bin/Lists.asmx.
The following URL lists the methods that are available in this web service.
http://msdn.microsoft.com/en-us/library/office/websvclists.lists_members(v=office.15).aspx
One of the methods is “UpdateListItems”. MSDN describes this method as below –
Adds, deletes, or updates the specified items in a list on the current site.
2. Really, all you need is the JavaScript wrapper methods on this Lists Web service and a simple JavaScript method in an html page to update (add/modify/delete) items in a list.
Here are the JavaScript wrapper methods on this Lists Web service.
A simple html with a JavaScript method will do the trick to insert a number of items in a list in a SharePoint web site. All you need is the URL of the SharePoint site, the name of the list and the contributor permission on that list. Here is that simple html page code.
The html code is as below –
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<script src="SPAPI_Core.js" type="text/javascript" language="javascript"></script>
<script src="SPAPI_Lists.js" type="text/javascript" language="javascript"></script>
<script language="javascript">
function AddAListItem() {
var lists = new SPAPI_Lists("http://btr-sp13-02:12000/sites/Hacking");
for (counter = 0; counter < 100; counter++) {
var batchXML = '<Batch OnError="Continue" ListVersion="1" ViewName=""><Method ID="1" Cmd="New"><Field Name="ID" >New</Field><Field Name="Title">Hacked Item' + counter.toString() + '</Field></Method></Batch>';
var result = lists.updateListItems("HackedList", batchXML);
}
alert('Done');
}
</script>
<title>How to hack SharePoint?</title>
</head>
<body>
<input type="button" id="btnAddAListItem" value="Add A List Item" onclick="javascript:AddAListItem();" />
</body>
</html>
I used the site http://btr-sp13-02:12000/sites/Hacking and the list named “HackedList” which has a simple, one default column “Title”. I have the contributor permission on this list.
From the above html code, I was able to insert 100 items in less than a minute. If I am able to insert 100 items, why can’t I insert a hundred thousand or a million items and bring down the site?
3. I do not need access to the server to logon to do this. All I need is the connectivity to the SharePoint site and the required permission to the list. The above is a simple html code. Not a rocket science to learn and understand this simple code.
Your arguments
Now it is your turn to argue. You say why I should be given the contributor permission to the site/list, first of all? Well, consider a company intranet in SharePoint. You are providing a page in the intranet to enable the employees to update their contact information in a list. In order for me as an employee to update my contact information in that list from that page, you have to provide me the contributor permission to the site/list. That’s all I need. With a little JavaScript coding, I can get the names of columns in that list, and can insert a million items using my above html code (with a little modification) from my laptop. I do not need remote access to the server. All these things can be done from my laptop using a simple html code.
You can implement item level security to disable me from modifying records of others and if you disable users from either adding or modifying or deleting items or all, that will be one solution. But that will restrict the collaboration. Or disallow the SOAP calls to access the website, but the whole purpose of the flexibility is broken because no one including the site collection administrator can make SOAP calls. Is there a way where only site collection administrator can add/modify/delete items?
Solution to this issue (need thoughts on how to implement it)
Allow SharePoint web service calls only if it originates from a web page that is hosted in the SharePoint server (for example, a site page or an application page). Disallow SharePoint web service calls from all other sources. This will make sure that if someone wanted to hack a SharePoint site through SharePoint web services, they first need access to the SharePoint server, which they cannot get.
Conclusion
How to overcome this security loop hole requires considerable thoughts. Some say, we can overcome this issue through workflows and event receivers. But I think it will be a very difficult job (almost impossible) and you may have to sacrifice many features that you may provide in the site. And this may slow down the site. A determined hacker can break all these walls and still can bring down a SharePoint site through these web service calls.
I had provided a possible solution for this issue. If you could find another possible solution, please share it with me.
About the Author
Ramasubramanian Thumati Rajendran has over 15 years of experience in technologies ranging from FoxPro, Visual Basic, .NET, SharePoint, SQL Server, Oracle, and MSBI. He is working as a Principal Consultant with ConsultParagon Computer Professionals P Ltd, Bangalore, India
4. (www.consultparagon.com) managing SharePoint and MSBI projects. He can be reached at rrajendran@consultparagon.com. Alternately, he can be reached at his personal email ram.thumati@gmail.com.
