Sandboxed Solutions and Security in WSS 4.0
Partial trust or "Sandboxed" solutions
Runs in a separate process
Everything in the WSP is deployed to a special repository managed by Central Administration. There is a new compilation model to support this repository (that you thankfully don't need to learn about, it "just works", though when the decks are released you'll see all the excellent secure detail).
PTS should be the preferred method of provisioning solutions
Sandboxed solutions are restricted by CAS and the API subset
Fully supported tooling in VS 2010
You can switch your project back and forth between PTS and Full Trust. Note that in Full Trust you can see where in the 14 hive your files will be deployed, which is valuable for new developers learning how SharePoint "works," and then switch back to PTS for packaging.
Sandboxed solutions are managed in Central Administration
Supported elements
Content Type, Site Columns
Custom Actions
Declarative WorkflowEvent receivers, feature receiversInfoPath Form Services[A couple others I missed]
Partially Trusted Solutions (PTS) can run in two modes
Local Mode
Execute code on WFE
Lower administration overhead
Remote Mode
Executes on back-end farm machine
Load-balanced distribution of code execution requests
Can create custom load balancers
Solution Monitoring
Farm Administrators set absolute limitsSite administrators identify expensive solutionsServer resources: CPU, Memory, SQL, Exceptions, Critical Errors, Handles, ThreadsYou can throttle an application with a Resource Quota so that after using up your “points” worth of resources in a day, you’re cut off.
Solution Validators
Allow custom validation of a solution, installed at the farm scopeInstalled in a FeatureActivated eventOnce deployed, when you attempt to deploy a solution that breaks a validation rule, an error is displayed