Hello, For security reasons, I had to modify the response headers and customize the Content-Security-Policy. Everything works fine whether it's the live site or the admin. Nevertheless, when I want to ...
In the CMS when editing a page, you can go to the Properties tab and @Page alias@ is an option. I want to be able to remove or restrict access to that option for web editors since everyone plays wi...
Hello Kentico community, I've identified a potential security vulnerability in Kentico 13, where end users can access BizForm data and associated file attachments through direct URLs, compromising t...
From the look in the CMS_User table, we are using PBKDF2 algorithm to hash the password but we are not sure what configuration (e.g. Algorithm like SHA256, Iteration, salt size etc.) is used to gen...
We have 2 sets of domains pointing to our UAT admin site. The one set is the default Azure App Service web app domain. The second is a custom domain we own. The A record is pointing to the public I...
Intended functionality: Secured PDFs should only be accessible by users with privilege level set to @none@ and role set to @member@ (as well as by users with privilege level set to @Global Administ...
I have a request from my business unit to control access to various areas of my MVC site (Version 11.0.26). We are aware of standard user login tracking within the .Net framework but are wondering...
The security appears to work for the .net authentication, but when I start a new session that’s already logged in the Kentico check appears to fail on first try, then succeed. e.g. Login, Close browser...
Hi, I'm looking for a way to get a list of roles that are assigned to a page that my widget is on. Background: I have a widget that in one config is performing some filtering of other documents, in ...
Hi Guys, I have just been asked what kind of security does Kentico have when communicating between the database and website and website and admin. How does it handle security. The site is bound to a...