SameSite is an HTTP cookie header that provides a certain level of protection against Cross-site request forgery (CSRF) attacks by limiting where and how the cookies can be used. This article describes two methods of setting this header in Kentico.
Hi all,We have the below issue reported from our security team.When we enter the username @ password in CMS admin login form and submit, a POST request is sending to the CMSpages/Login.aspx page an...
HelloFor a form, when I set the autoresponder to 'do not send', I get an error when I try to insert a new record into the form. The logs report back that it was due to a invalid email address bein...
What would be the best way (area in Kentico) to validate a user password at point of registration against a list of known bad passwords i.e. a blacklist (.txt file) of passwords from historic data ...
Im trying to develop an encryption module for kentico forms to secure PII. I've been able to encrypt the data by creating an event handler on form submit, but am running into issues when I attempt...
The situation is that I have an expensive query that I'm running that pulls in a moderate amount of tree nodes (200-400) and does some time intensive work getting them ready for display. I don't w...
Hi, I'm trying to redirect new users to the @Change Password@ page. I've implemented a custom handler to handle this @SecurityEvents.Authenticate.Execute@ event. Below is a portion of my code...pub...
HiI have a huge problem with macros signing. I see dozens of errors in event log when opening just home page (as example). What I've tried already:checked if CMSHashStringSalt is in web.config - it...
I found that some special links does not have __CMSCsrfToken value It also happening in this forum. Ex: https://devnet.kentico.com/imagegen.ashx
As per the Whitehat Security report it says there is a vulnerability on Host or X-Forwarded-Host request headers on our site build using Kentico and hosted in AzureHow are we preventing this type o...