security question - Internal communication between website and admin

Ivan Louw asked on November 15, 2021 02:08

Hi Guys,

I have just been asked what kind of security does kentico have when communicating between the database and website and website and admin. How does it handle sercurity.

The site is bound to a certificate, but the ssl setting has not been enabled as the admin is internal and locked down to certain users. Is this a security risk?


Recent Answers

Juraj Ondrus answered on November 15, 2021 05:25

In this case SSL is highly recommended. It is also because modern browsers can block the requests if you are running on different domains. The connection to the DB is handled by .NET framework or .NET Core. So this should be OK. The, the communication between Kentico admin and live site app is ensured through special URLs which contains security hash + there is also a session and security cookie.

1 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.