Friday Sitecore Best Practice: Avoid Exposing the Data Folder

Vasiliy Fomichev

In Best Practices, Security Posted

In this episode we look at the danger of copying the Data folder to the Sitecore IIS root folder, Website. It seems obvious from the sidelines, however, this is way too often to fix the “missing license” error that Sitecore throws if the “dataFolder” setting hadn’t been updated to point to the proper location of the Data folder.



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Thomas Eldblom
    June 19, 2016 at 3:16 pm

    Another practical and secure approach is to rename the webroot/data folder to webroot/app_data. This folder is secured by .NET and makes it possible to have relative paths in the config – which ultimately means easier deploys across environments.