Sandboxed Solutions and Security in WSS 4.0

Partial trust or "Sandboxed" solutions<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

Runs in a separate process

Everything in the WSP is deployed to a special repository managed by Central Administration. There is a new compilation model to support this repository (that you thankfully don't need to learn about, it "just works", though when the decks are released you'll see all the excellent secure detail).

PTS should be the preferred method of provisioning solutions

Sandboxed solutions are restricted by CAS and the API subset

Fully supported tooling in VS 2010

You can switch your project back and forth between PTS and Full Trust. Note that in Full Trust you can see where in the 14 hive your files will be deployed, which is valuable for new developers learning how SharePoint "works," and then switch back to PTS for packaging.

Sandboxed solutions are managed in Central Administration

Supported elements

Content Type, Site Columns

Custom Actions

Declarative WorkflowEvent receivers, feature receiversInfoPath Form Services[A couple others I missed]

Partially Trusted Solutions (PTS) can run in two modes

Local Mode

Execute code on WFE

Lower administration overhead

Remote Mode

Executes on back-end farm machine

Load-balanced distribution of code execution requests

Can create custom load balancers

Solution Monitoring

Farm Administrators set absolute limitsSite administrators identify expensive solutionsServer resources: CPU, Memory, SQL, Exceptions, Critical Errors, Handles, ThreadsYou can throttle an application with a Resource Quota so that after using up your “points” worth of resources in a day, you’re cut off. 

Allow custom validation of a solution, installed at the farm scopeInstalled in a FeatureActivated eventOnce deployed, when you attempt to deploy a solution that breaks a validation rule, an error is displayed