Portal Engine Questions on portal engine and web parts.
Version 5.x > Portal Engine > Staging Service Security View modes: 
User avatar
Member
Member
scott_hancock-urmc.rochester - 8/22/2011 12:43:39 PM
   
Staging Service Security
Hi,

I have a question about the staging service from our security team. You describe it as a secure web service, but what does that mean? Are the passwords encrypted when they are sent to the server? Are they only encrypted if you are using X509? Their concern is that since our production server is outside the firewall, that hackers could use the staging service to deface our site. So can you describe how the service is secure?

Thanks,
Scott

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 8/23/2011 1:54:41 AM
   
RE:Staging Service Security
Hi,

For content staging we are using a Microsoft technology/web service (Microsoft.Web.Services3.dll) and this is secured. In addition to that, you can use the X509 encryption.

Best regards,
Juraj Ondrus

User avatar
Member
Member
scott_hancock-urmc.rochester - 8/23/2011 7:44:04 AM
   
RE:Staging Service Security
Hi,

You say it's secured but what does that mean? Does it mean it's secured by a password sent in clear text?

Thanks,

Scott

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 8/23/2011 12:06:24 PM
   
RE:Staging Service Security
Hi,

Since it is standard Microsoft .Net assembly (web service) you may find more on the MSDN or Microsoft forums how exactly it is secured. Anyway, I am not aware of any security issues and I was not able to find any using Google.

Or, I found this article - http://aleemkhan.wordpress.com/2007/09/18/using-wse-30-for-web-service-authentication/

Best regards,
Juraj Ondrus