Installation and deployment
Version 7.x > Installation and deployment > Security checks for deployment - lock down
Member
mvcftw-gmail - 7/18/2013 4:40:07 PM
   
Security checks for deployment - lock down
What steps should I take to ensure the deployment of my site is secure?

I've given the administrator account a complex password.

The ASP.NET account the app pool is running as has modify permissions. It passed the installation screen permission check (though strangely it fails the "SiteManager -> Administration -> System -> Files -> Test Files" test: everything is OK except Modifying, which failed).

I've ensured no users have any blank passwords.

What else can I do?

Exactly what permissions should the database account have?

Kentico Legend
Brenden Kehren - 7/18/2013 10:58:37 PM
   
RE:Security checks for deployment - lock down
Check this knowledge base article out and the linking info on the CMSHelp directory.

Also check out the settings in the web.config parameters you can set.

If you're concerned with cross-site scripting, you might want to HTMLEncode your text output as well. I choose to use the Microsoft AntiXss library over the built-in HTMLEncode method.

Here is a great blog post about database and file system security. It is from 2009 but I don't believe much has changed (except operating systems).

Get familiar with the CMSSiteManager>Settings section. Look at what is set globally and what can or cannot be set by site. There are quite a few security settings in there. Once you start working in the CMS and you have all the other security items set, check out the UI Personalization you can do by security role. That is a very nice feature.

Best of luck
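The output-encoding advice in the reply above, as an added example (not code from the thread or from Kentico): each value is encoded for the context it lands in, using the Microsoft AntiXSS library next to the built-in `HttpUtility.HtmlEncode`. It assumes the project references `AntiXssLibrary.dll`; `RenderProfile`, `search.aspx` and the sample values are hypothetical.

```csharp
using System;
using System.Web;                      // built-in HttpUtility
using Microsoft.Security.Application;  // AntiXSS library (assumed to be referenced)

public static class OutputEncodingDemo
{
    // Hypothetical helper: builds a small HTML fragment from untrusted values,
    // choosing the encoder that matches where each value is written.
    public static string RenderProfile(string displayName, string homepage, string searchTerm)
    {
        // Encoding does not make a javascript: or data: link safe, so the
        // scheme is checked before the URL is written into href.
        Uri uri;
        bool allowed = Uri.TryCreate(homepage, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
        string href = allowed ? Encoder.HtmlAttributeEncode(uri.AbsoluteUri) : "#";

        return
            // HTML element content
            "<p>Welcome, " + Encoder.HtmlEncode(displayName) + "</p>\n" +
            // HTML attribute value
            "<a href=\"" + href + "\">homepage</a>\n" +
            // Query-string value inside a URL
            "<a href=\"/search.aspx?q=" + Encoder.UrlEncode(searchTerm) + "\">repeat search</a>\n" +
            // JavaScript string literal (this overload emits the surrounding quotes)
            "<script>var lastSearch = " + Encoder.JavaScriptEncode(searchTerm) + ";</script>";
    }

    public static void Main()
    {
        // Constructed sample input containing markup and quote characters.
        string name = "Bob <b>\"the\" builder</b> & co.";
        string homepage = "javascript:void(0)";
        string term = "x'; var y = \"</script>";

        // Built-in encoder and AntiXSS encoder on the same element-content value.
        Console.WriteLine(HttpUtility.HtmlEncode(name));
        Console.WriteLine(Encoder.HtmlEncode(name));

        // Full fragment; the rejected homepage scheme falls back to "#".
        Console.WriteLine(RenderProfile(name, homepage, term));
    }
}
```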

Member
mvcftw-gmail - 7/19/2013 11:49:30 AM
   
RE:Security checks for deployment - lock down
Thanks FroggEye. You're a real asset to this community.