I was wondering why Sitecore recommend to use the UserSwitcher instead of the SecurityDisabler.
I'm ok with the fact that if you are adding items in sitecore for example, you have more control with the UserSwitcher (Only give the right to add items in a specific folder)
Is it to prevent stupid code (i mean, oh let's delete all the children of /Sitecore/Context ^^)? or maybe there is a security breach when you do that ?
Thanks
If you use the UserSwitcher()
, everything you do is done in the context of a user. The user can be an Administrator and can do everything. Maybe you want to create a "service user" with only specific permissions or whatever, you can use this user to do what you want.
If you use the SecurityDisabler()
Sitecore will not do any permission checks at all. In fact, the result will be the same as if you use the UserSwitcher()
with an administrator, but you have no control over the context.
Partly it's to prevent 'incorrect' things happening, I'd say. You can't inadvertently do something you didn't want, because you don't have the access to it.
A side effect of this is that Sitecore will have the user provided in the UserSwitcher
as name against the action, rather than 'Anonymous'.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With