MOSS 2007 & WSS
Code (packaged in .wsp files) is supposed to run in full trust mode on the server
SharePoint 2010 & SharePoint Foundation 2010
code (packaged in .wsp files) can run on the server in full trust mode, on the server in partial trust mode (sandbox , uploaded by a site collection administrator), or in the client. The main benefits of the sandbox code was that the code couldn’t screw up the farm and therefore was interesting in hosted scenarios where the farm is shared across multiple clients (tenants); the problem was the server side api provided through the sandbox was limited and the architecture was not very scalable & reliable.
Code (packaged in .wsp files)can run on the server in full trust mode, on the server in partial trust mode (sandbox), on the client, or on the client hosted on a non SharePoint Server (like Azure, Apache,…) (and packaged as .app file); the new application model is called the App Model and is “very” client side oriented (CSOM, REST/OData).
Apps can be hosted in SharePoint (“SharePoint hosted apps”), in Azure (“Azure hosted apps”) or in other platforms (“developer hosted apps”).
In the case of “Azure hosted app”, a SQL Azure database and an Azure hosted web site can automatically be provided and used by the app during its deployment. Of course the app will still take advantage of what SharePoint 2013 provides : a wide variety of features—such as Search, workflow, social networking, taxonomy, user profiles, and Business Connectivity Services (BCS).To take advantage of SharePoint features the app must communicate with SharePoint via CSOM (Client Side Object Model) or OData (Rest API) and will be granted permission via OAuth2.
Basically apps are decoupled from SharePoint and therefore will never run in the context of SharePoint Server, but they will run in the context of the browser or in the context of the hosted platform (could be LAMP,…).
What is also interesting and new is that SharePoint apps can run in the context of Office 2013 Rich Clients.
The good practice will be to privilege the new more flexible App Model by default; the sandbox is still supported but not recommended anymore. Don’t forget the good old server-side model however (but I believe that you can forget the sandbox).
Apps can be centralized in a Corporate or a Public marketplace.
Since SharePoint apps don’t run on the same machine as SharePoint, I believe that upgrading to future releases of SharePoint will be much easier if most customizations are based on the new app model.
several things that SharePoint apps cannot do :
- SharePoint apps cannot call SharePoint server side code
- SharePoint apps cannot access SharePoint components that are not on the same site
- SharePoint apps cannot include anything that cannot be included in a sandbox solution
- a SharePoint app cannot de dependent (or communicate with) on another SharePoint app