
Server Side Development

CRM 1.2

Best practices for developing server-side code for Microsoft CRM include the following:

  • Do not modify the Microsoft CRM database by any means other than the SDK, because doing so bypasses the Microsoft CRM security model.
  • Use Workflow .NET Assemblies instead of using Post URL in workflow rules.
  • Callouts run in an administrator's context, so be aware that this code may access information that the logged-on user does not have access to.
  • For callouts, workflow assemblies and plug-ins, avoid writing code that takes a long time to execute. It is particularly important that your code returns as quickly as possible. Failure to do this may result in denial of service (DoS).
  • If you are replicating Microsoft CRM data in your own data store, you are responsible for the security of the data.
  • Do not assume that data that comes out of Microsoft CRM is safe for rendering. Data may have been injected with insecure HTML tags.
  • Adhere to the requirement of not accessing the Microsoft CRM databases directly through SQL Enterprise Manager. Bypassing the SDK can open you up to SQL injection threats.
  • For Internet-facing deployments, remember that your solution is only as secure as its weakest link. Once your application is exposed to the Internet, it is open to security threats.
  • Use only languages that produce managed code for the best protection against buffer overruns, exceptions, etc.
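
To illustrate the point above about rendering data that comes out of Microsoft CRM, the following added example (not part of the original page or the Microsoft CRM SDK) encodes field values for the HTML context they land in and rejects link values that are not http or https. The class, method and field names and the sample values are assumptions made for illustration; it relies on `HttpUtility` from System.Web and on `Uri.TryCreate`, which requires .NET Framework 2.0 or later.

```csharp
using System;
using System.Text;
using System.Web; // HttpUtility lives in System.Web.dll

// Hypothetical helper: renders values read from Microsoft CRM into HTML.
public static class CrmHtmlRenderer
{
    // Returns the value as an absolute http/https URL, or null if it is anything else.
    // Encoding alone does not make a scheme such as "javascript:" safe inside href.
    public static string SafeWebUrl(string value)
    {
        if (value == null) return null;
        Uri uri;
        if (!Uri.TryCreate(value.Trim(), UriKind.Absolute, out uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return null;
        return uri.AbsoluteUri;
    }

    public static string RenderAccount(string name, string description, string webSiteUrl)
    {
        StringBuilder html = new StringBuilder();
        html.Append("<div class=\"account\">");
        // Element content: HtmlEncode turns <, >, & and quotes into entities.
        html.Append("<h2>").Append(HttpUtility.HtmlEncode(name)).Append("</h2>");
        html.Append("<p>").Append(HttpUtility.HtmlEncode(description)).Append("</p>");
        // Attribute value: validate the scheme first, then attribute-encode.
        string url = SafeWebUrl(webSiteUrl);
        if (url != null)
        {
            html.Append("<a href=\"").Append(HttpUtility.HtmlAttributeEncode(url)).Append("\">");
            html.Append(HttpUtility.HtmlEncode(url)).Append("</a>");
        }
        html.Append("</div>");
        return html.ToString();
    }

    public static void Main()
    {
        // Constructed sample values standing in for fields retrieved through the SDK.
        Console.WriteLine(RenderAccount(
            "Contoso <b>Ltd</b>",
            "<script>alert(1)</script>",
            "javascript:alert(1)"));
    }
}
```

With these sample values the markup in the name and description is emitted as inert text, and no link is rendered because the URL is not http or https.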

For more information about security, see the following:

  • .NET Framework Developer's Guide, Securing Applications at http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsecuringyourapplication.asp
  • Secure Coding Guidelines for the .NET Framework at http://msdn.microsoft.com/library/en-us/dnnetsec/html/seccodeguide.asp

© 2007 Microsoft Corporation. All rights reserved.
