"My Recent Documents" web part on the Public "My Site" page
On the Public view of the "My Site" page you will notice there is a web part called "My Recent Documents". This is generally liked; however, people often have concerns about the following:
1. It "can" display sensitive documents to end users
2. It is difficult to remove
So, I just thought it would be useful to:
1. Explain why it does not pose any security risk at all:
a) What is "My Recent Documents"? It is just a web part, but a static one, which means it is embedded into the SPS template, making it impossible to remove via the browser.
b) The results displayed in the web part come from the SharePoint Search indexes. It just runs a query that looks for any results where Author = name of the user whose profile is being displayed (in reality it may be a little more fancy than that).
c) Because it uses SharePoint search, the results are security trimmed so that a user will only see those documents they have access to. This should eliminate any security issues you may have.
2. Document how this web part can be removed:
It can be removed by doing the following:
a) Open the following file: <drive>:\Program Files\Common Files\Microsoft Shared\web server extensions\60\TEMPLATE\<Locale ID>\SPSMSITE\Public.aspx
b) Search for and delete the following string: <SPSWC:ProfileDocuments FrameType="TitleBarOnly" id="ProfileDocuments" runat="server" />
c) Save, and refresh the public page.
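The removal steps above as a script, added here as an example and not part of the original post: it only reports matches by default, and with -Apply it backs up each Public.aspx before deleting the tag. The default drive letter in $TemplateRoot, the -Apply switch and the backup file naming are assumptions of this example.

```powershell
# Added example: remove the ProfileDocuments control from Public.aspx, with a backup.
# $TemplateRoot is an assumption: point it at the TEMPLATE folder on your own drive.
param(
    [string]$TemplateRoot = 'C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\TEMPLATE',
    [switch]$Apply   # without -Apply the script only reports what it would change
)

# Matches the tag quoted in the post, tolerating extra whitespace or attribute order.
$pattern = '<SPSWC:ProfileDocuments\b[^>]*\bid="ProfileDocuments"[^>]*/>'
$options = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase

# ISO-8859-1 maps every byte to one character, so reading and writing through it
# leaves all bytes outside the removed tag exactly as they were.
$latin1 = [System.Text.Encoding]::GetEncoding(28591)

# Look for SPSMSITE\Public.aspx under each locale ID folder of the template root.
$files = Get-ChildItem -Path $TemplateRoot |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'SPSMSITE\Public.aspx' } |
    Where-Object { Test-Path $_ }

foreach ($file in $files) {
    $text  = $latin1.GetString([System.IO.File]::ReadAllBytes($file))
    $count = [regex]::Matches($text, $pattern, $options).Count

    if ($count -eq 0) {
        Write-Output "No ProfileDocuments tag found: $file"
        continue
    }
    if (-not $Apply) {
        Write-Output "Would remove $count tag(s): $file"
        continue
    }

    # Keep a timestamped copy so the original template can be restored.
    $backup = '{0}.{1}.bak' -f $file, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -Path $file -Destination $backup

    $updated = [regex]::Replace($text, $pattern, '', $options)
    [System.IO.File]::WriteAllBytes($file, $latin1.GetBytes($updated))
    Write-Output "Removed $count tag(s): $file (backup: $backup)"
}
```

Run it once without -Apply to confirm which files contain the tag, then again with -Apply and refresh the public page.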
Comments
- Anonymous
May 26, 2004
Hi Daniel, we had the same complaints. Even though security prevents unauthorized access, people just didn't want others to see what they had been working on. We removed the part via Front Page 2003.
- Anonymous
May 26, 2004
Building Your First Business Process ... shows how easy it is to build a business process using Visual Studio .NET and BizTalk Server 2004, expose that business process as a Web service,
- Anonymous
May 27, 2004
Mark Harrison tries his hand at spam. (I've seen this "comment" before and it wasn't really relevant there either)
- Anonymous
May 27, 2004
The comment has been removed
- Anonymous
May 27, 2004
Mike - your comment adds little value too. I didn't manually add this ... it's the way .Text trackbacks work - reference any other blog entry and it automatically adds a comment - and not necessarily using appropriate text.
- Anonymous
August 04, 2004
What happens if two authors have similar names? You will have a query string like this: "http://servername/search.aspx?db=Smith%2c+Peter&wd=Recent+documents+by+Smith%2c+Peter".
And therefore similar results for both authors.
Mmmm.
- Anonymous
August 06, 2004
Hey Steven, I don't know exactly how this web part works, however I suspect it would perform a query via the SharePoint SQL-like query language rather than via a querystring and the Search.aspx page (more info on this in the SDK). This would mean it could restrict the search by using WHERE clauses like "Author CONTAINS <Username>" or even "Author = <username>".
This would avoid the problem you discussed.
Hope that helps,
Daniel