Allow unsafe update vs run with elevated privileges in sharepoint

What is allow unsafe update and run with elevated privileges in SharePoint 2010? What are the differences between allow unsafe update and RWEP.

 “AllowUnsafeUpdates is set to true when you are trying to update the database.
To GET the content from the content DB, we need to set the AllowUnsafeUpdates = true.
For reasons of security, Microsoft SharePoint does not allow you to make posts from a Web application to modify the content database unless you include security validation on the page.

SPList list= web.Lists["MyList"];
SPListItemCollection items= list.GetItems();
web.AllowUnsafeUpdates = true;
foreach (SPListItem item in items)
{
     item["Title"] = "New Title";
     item.Update();
}
web.AllowUnsafeUpdates = false;

Run with Elevated Privileges

Executes the specified method with Full Control rights even if the user does not otherwise have Full Control.

Code

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
    // implementation details omitted
    }
});

Comments

Popular posts from this blog

CAML Query in SharePoint 2010

Calling REST APi from server side code - C#

All about SharePoint 2010 Content Type Hub

SharePoint Interview Questions and Answers

Calling ASP.Net WebMethod using jQuery AJAX