24 December, 2012

IT Security Bulletin: December 2012.

SQL injection is used by hackers to gain access to your database. Cross-site scripting lets a hacker add code to your website to execute tasks. A few simple steps can protect against these common attacks if you know where the weaknesses are in your network.
This 45-page guide will help you understand the risks facing your business today. It focuses specifically on the risks of data loss and loss of customer trust and discusses the ways you can use SSL to protect yourself and your business.

This guide will help you understand the methods, implications and protection measures of attacks such as intercepting communications, spoofing, directed attacks, improperly managed access control and more.

5 PowerShell snippets for SharePoint branders

A very good post by Christian on PowerShell snippets.
PowerShell is a command-line scripting tool that gives an administrator full access to the applicable application programming interfaces (APIs), along with the ability to interact directly with SharePoint 2010 Products to manipulate Web applications, site collections, sites, lists and much more. So what’s a useful thing to do with PowerShell as a SharePoint brander or a front-end developer? There are many different types of tasks you can use PowerShell for: for example, populating a list with a large number of objects when you need to performance test your Data View Web Part, applying a theme to some site in the structure including its sub sites, or batch updating properties of a collection of page layouts.
Maybe you see something that can be written more efficiently, or you have some cool snippets of your own you’d like to share; if so, please drop them in a comment. Take these snippets as they are, try them first in your development or test environment, and feel free to use and modify them in the way you want.
Running PowerShell scripts is easy and you will find many resources out there if you have never used PowerShell before; once you know the basics, just go ahead and try these out. This is written for SharePoint 2010, but most of it can be used in SharePoint 2013 as it is.
1. Change Master Page for all sites in the collection
In this example, we apply a custom master page to all the sites in the site collection. This can be rewritten specifically for SharePoint Foundation, where PowerShell is very useful for such tasks. In this snippet I have set V4.master, so you have to change the name of the master page file if you apply a custom master page.
# ----- For publishing sites and non publishing sites
$site = Get-SPSite http://intranet
foreach ($web in $site.AllWebs) {
    $web; $web.CustomMasterUrl = "/_catalogs/masterpage/V4.master";
    $web.Update(); $web.CustomMasterUrl;
    $web.Dispose()
}
foreach ($web in $site.AllWebs) {
    $web; $web.MasterUrl = "/_catalogs/masterpage/v4.master";
    $web.Update(); $web.MasterUrl;
    $web.Dispose()
}
$site.Dispose()
write-host "Complete! V4.master is now applied";
2. Set alternate CSS
In this way you can set a custom CSS file as an alternate CSS at the top site of your site collection, publishing sub sites will inherit the alternate CSS by default.
$web = Get-SPWeb http://intranet
$web.AlternateCssUrl = "/Style Library/MyStyles/main.css"
$web.AllProperties["__InheritsAlternateCssUrl"] = $True
$web.Update()
3. Set a site logo
With this one you can associate a logo with all sites in the site collection by entering the URL to an image file.
(get-spsite http://intranet).AllWebs | foreach {
    $_.SiteLogoUrl = "/Style%20Library/MyClient/Images/ClientLogo.png";
    # Persist the change on each web, then close the script block
    $_.Update()
}
4. Set regional setting/locale
This one can be handy when you need to specify the way the site displays numbers, dates, and time. In this example I set locale to Swedish (1053).
$site = Get-SPSite http://intranet
foreach ($web in $site.AllWebs) {
    $web; $web.Locale = 1053;
    $web.Update(); $web.Locale;
    $web.Dispose()
}
$site.Dispose()
5. Set a theme
This one will set a theme on all sites in the site collection. This script was originally written by MVP Yaroslav Pentsarskyy.
$SiteUrl = "http://intranet"
$NewTheme = "Azure"
# Loading Microsoft.SharePoint.PowerShell
$snapin = Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.SharePoint.Powershell'}
if ($snapin -eq $null) {
    Write-Host "Loading SharePoint Powershell Snapin"
    Add-PSSnapin "Microsoft.SharePoint.Powershell"
}
# Setting site themes on sites and sub sites
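$SPSite = Get-SPSite | Where-Object {$_.Url -eq $SiteUrl}
if ($SPSite -ne $null)
{
    $themes = [Microsoft.SharePoint.Utilities.ThmxTheme]::GetManagedThemes($SiteUrl);
    # Select the theme by name; $theme stays $null when nothing matches,
    # so an unrelated theme is never applied by accident
    $theme = $themes | Where-Object {$_.Name -eq $NewTheme} | Select-Object -First 1
    if ($theme -ne $null)
    {
        foreach ($SPWeb in $SPSite.AllWebs)
        {
            $theme.ApplyTo($SPWeb, $true);
            Write-Host "Set" $NewTheme "at :" $SPWeb.Title "(" $SPWeb.Url ")"
            $SPWeb.Dispose()
        }
        Write-Host "Themes updated at:" $SPSite.Url -foregroundcolor Green
    }
    else
    {
        Write-Host "Theme" $NewTheme "was not found at:" $SPSite.Url -foregroundcolor Red
    }
    $SPSite.Dispose()
}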
More
If you’re truly a SharePoint Designer guy, why not use PowerShell to check whether you are allowed to do your branding work before firing it up…
Get-SPDesignerSettings -webapplication http://intranet
There are lots of blogs about using PowerShell in SharePoint, but here’s a pick of a few cool scripts that are somehow related to this topic.
Finally, he’d like to thank MVP Cathy Dew for inspiring discussions about this topic, PowerShell from a brander’s perspective, and Falak Mahmood for general discussions and suggestions on the use of PowerShell.


Questions and answers from the webinar: A deep dive into SharePoint 2013

1. What’s the upgrade method from 2010 to 2013?
The in-place upgrade method is gone, which is good, because it was never a viable option for a production SharePoint upgrade due to the lack of rollback capabilities.

When upgrading to 2013, the approach starts with a content database attachment. When the database is attached, the SharePoint 2013 servers will contain the code for both SharePoint 2010 and SharePoint 2013.

Sites in the attached database will initially operate with the 2010 framework. Site collection administrators will have an option to run a trial upgrade, preview the results, and either revert back to the 2010 version or complete the upgrade to 2013. While they are previewing the results, the 2013 version of the site is actually a copy of the 2010 site.

2. What is the difference between search and e-discovery?
Search is a function performed by any user looking for content. E-discovery is a legal process involving the location of documents related to a specific legal action. When conducting e-discovery, there are specific pieces of functionality available to legal professionals, such as the ability to place a hold on content to keep it from being destroyed.

3. Is the workflow Azure now an on-premise solution?
Both. The Windows Azure Workflow service can be hosted by Microsoft on the Azure platform. This option requires no local solution. However, you can also install this service on your local servers. This may be installed on your SharePoint server or a dedicated server.

4. If BCS can be developed and deployed within the application, how are the data connection changes taken care of when migrating those applications to the production environment?
The BCS connection in the SharePoint App would be updated to match the environment it was being deployed to. The updated app can be published to the Office.com Marketplace or internal Catalog. The site collection owner will see a message that the App is ready to be updated and they can trigger the update process that contains the updated connection changes.

5. So, the new Client API will have methods to get access to objects above the Site Collection? Currently the client API in 2010 can't.
The Client API can be used to make HTTP requests across and within site collections. This is vastly improved over SharePoint 2010. You can access operations at the Site, Web, Lists, Libraries, Workflows, BCS, Permissions, etc. What you can’t do is higher level operations, such as working with the web application objects or other farm level objects.

6. How can we get access to server objects?
When developing Apps for SharePoint 2013, most operations that take place within a Site Collection (Lists, libraries, workflows, BCS, etc.) can be accessed using the Client APIs. You could also deploy your own service to your environment that can be used to interact with any Server Objects and then access this service through your App. A Self-Hosted or Azure-Hosted App for SharePoint can be written using server-side technologies such as ASP.NET, Java, or PHP and can take full advantage of their server-side capabilities.

7. Please mention what BCS is.
Business Connectivity Services. BCS provides the framework to interact with data that resides outside of SharePoint, for example a SQL database containing your LOB data.

8. Have there been any improvements in the area of using touch interfaces on mobile devices?
SharePoint 2013 now provides the ability to create completely different looks (master pages) for the same site but for different platforms. These device channels, as they are called, provide the ability to have one look for browsers, one for tablets, and one for smart phones.

9. What changes will be made in Nintex for SharePoint 2013?

Nintex will be announcing their changes for SharePoint 2013 shortly. In the meantime, Nintex has provided a Platform Preview for SharePoint 2013 that utilizes the new SharePoint App Model.

Reference: www.abelsolutions.com

The server returned a non-specific error when trying to get the data view from the data source


Error when creating a SOAP Data Source in SharePoint Designer 

With Microsoft SharePoint Designer 2010, you can easily link data sources that contain interrelated data to one another. You can even link data sources of separate types — for example, you can link an XML file to an SQL database. By linking multiple data sources, you create a single data source that appears in the Data Sources list with all of your other data sources.

Consider the following scenario:
- You create a web application which is configured to use claims-based authentication with NTLM.
- You create a custom list or use an existing list with some data.
- You create a SOAP data source in SharePoint Designer and configure it to authenticate as a claims user.

In this scenario, you receive an error similar to the following:

The server returned a non-specific error when trying to get the data view from the data source

Cause: I am trying to find out the root cause behind this issue, but most probably the answer would be: SharePoint impersonates the anonymous IIS user account and is denied access to the resource.

Resolution:
1. Open IIS Manager.
2. Expand the site and find the application to which you are connecting from SharePoint Designer.
3. Right click, select Explore.
4. Open the web.config file.
5. Search for <appSettings>.
6. Find the line with <add key="aspnet:AllowAnonymousImpersonation" value="true" />
7. Change it to <add key="aspnet:AllowAnonymousImpersonation" value="false" />
8. Save the file.
9. Add the Data View from SharePoint Designer.
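
Steps 4 to 8 above can also be done from a PowerShell prompt on the server. The script below is an added example, not part of the original post; the default path and the -Apply switch are assumptions of this example. It reports the current value of the key and edits the file, after taking a timestamped backup, only when -Apply is given.

```powershell
# Added example. The default path is a placeholder: point it at the
# web.config you opened from IIS Manager in steps 1 to 4.
param(
    [string]$WebConfigPath = 'C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config',
    [switch]$Apply    # without -Apply the script only reports
)

$key = 'aspnet:AllowAnonymousImpersonation'

if (-not (Test-Path -LiteralPath $WebConfigPath)) {
    throw "web.config not found: $WebConfigPath"
}
# XmlDocument.Load needs a full path, not one relative to the PowerShell location.
$WebConfigPath = (Resolve-Path -LiteralPath $WebConfigPath).ProviderPath

# Edit the file as XML rather than as text so the structure cannot be broken.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($WebConfigPath)

$node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='$key']")
if ($null -eq $node) {
    Write-Host "$key is not present in <appSettings>; nothing to change."
    return
}

$current = $node.GetAttribute('value')
Write-Host "$key is currently '$current'"

if ($current -eq 'false') {
    Write-Host "Already set as in step 7; no change needed."
    return
}
if (-not $Apply) {
    Write-Host "Re-run with -Apply to set it to 'false'."
    return
}

# Keep a copy so the change can be rolled back.
$backup = "$WebConfigPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $WebConfigPath -Destination $backup

$node.SetAttribute('value', 'false')
$xml.Save($WebConfigPath)    # saving web.config restarts the web application
Write-Host "Set to 'false'. Backup written to $backup"
```

Run it once without -Apply to see the current value, and keep the backup file until step 9 has been confirmed to work.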

If you have any queries or questions regarding the above information, please let me know. Thank you.