2

Edit to clarify: The purpose of this isn't to replace SharePoint security or to add some extra super security or about trust in SharePoint, it is instead to consider something that is very much non-standard and the possibility of its implementation as well as where it may be feasible and the limitations it would include. Ultimately SharePoint is a starting ground for a tremendous amount of customization and unique development, and I find it interesting to explore strange situations like the examples.

First I would like to address the obvious... Yes SharePoint does not directly support this type of thing, and instead of Password protection SharePoint uses Permissions to security trim items itself using Windows credentials.

I would like to propose two situations,

  1. a Business Owner/Manager wants to secure a document/Folder/Library/List with a password and is not comfortable with it simply showing up or not based on who is logged in.
  2. a site with anonymous access has content which is password protected to allow only specific users (say the person who created it) to view the content (excluding the title)... Note that we are ignoring how the user gets the password in the first place.

If one were to be in one of the above two situations, how would you go about creating a means of password protecting a given item?

For the purposes of this question, the important points of information are....

  • How is the password stored and associated with the item
  • How is the user prompted to enter the password (GUI, display, and time/location of authentication)
  • What security is in place to ensure items are not viewed without entering the password first if at all
  • Do you think this is practically possible in the first place, and what specifically makes you feel this to be the case (just to use the existing SharePoint permissions is not an appropriate answer to this point)
Improve this question

4 Answers 4

Reset to default
1

You could remove all SharePoint rights from the list so that no one has access to the items right off the bat with the exception of Site Collection admins and users that fall under Web Application user policies, etc. If this is not acceptable then I don't think SharePoint will work for your needs.

Once that is done you can utilize the SharePoint API to create a custom form / web part / whatever combined with traditional web security techniques and expose the items to those who have "authenticated" via SPSecurity.RunWithElevatedPrivileges();

Improve this answer
2

Completely batty requirement to be honest.

If you don't trust the SharePoint security model to handle your security, you're going to struggle to write something more secure yourself in SharePoint. SharePoint can use multiple authentication providers on the same site, but I don't think you can require authenitication against multiple providers at the same time.

Improve this answer
0

Well Office documents can have passowrds generated for them so they can be locked further beyond living behind the credentials of SharePoint access. I've never heard of anyone doing folder/library/list password restriction in conjunction with standard SharePoint authorization.

But if the data is truely that sensitive or confidential, it shouldn't go in a SharePoint site that goes outside the network, let alone one that has anon access enabled. You're asking for a leak, because the weak point in all these are going to be the people behind the keyboard, whether it's malicious or accidental.

Improve this answer
3
  • Anon Access Point: The reason i mention anonymous access is really in terms of using SharePoint in a non-commercial environment, with privacy but without a login. A strange situation to be sure, but not inconceivable. Keep in mind the situations are examples meant to give a bounds on the problem, rather than add requirements. Commented Jun 6, 2012 at 19:39
  • Leak Point: You are 100% correct and from the get-go I expected it to be nearly impossible to actually implement this securely within the SharePoint architecture. That said it brought up the question of when and where it would be feasible, and how much so. That is part of the purpose of the question, to determine the situation in which it would be possible to implement and its value in doing so. Commented Jun 6, 2012 at 19:41
  • When you have anon accessible content and are trying to access something with broken permissions, you'll be prompted to provide your credentials when you try to access it. Personally, I wouldn't go too far from anon landing pages into secured content areas. It all depends on the nature of the content, but typically Sharepoint permissioning works well enough. Commented Jun 6, 2012 at 20:14
0

try this- http://www.boostsolutions.com/columnpermission.html

This is a verry helpful tool that i have used. It is pricy though.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.