Tag Archives: security
In this episode we look at the recently released critical security patch and talk about the importance of staying up to date with the latest security updates. Once these patches get released publicly, it won’t take long for someone to decompile and reverse engineer them to identify the vulnerability.
In this video we take a look at a couple of ways of denying rights to content in Sitecore: explicit and inheritance denials. Although the inheritance denial is generally recommended, there is a time and place for both. Watch this video to understand the difference and recommended applications.
In this episode we look at how to enable communication between the delivery servers and the master database. We should already know that writing directly to the master database is a bad idea, so what can we do? Sitecore remote events come to the rescue. Watch this video to see how to properly record user […]
In this episode of Friday Sitecore Best practices we take a look at two ways of overriding Sitecore security restrictions with code – SecurityDisabler and UserSwitcher. It is important to understand the difference between the two methods and the implications of misuse. Watch this video to understand why the UserSwitcher is the recommended approach. […]
Very frequently Sitecore developers create content that must remain in a certain location. Sitecore provides us with a very useful feature to ensure no changes can be made to a particular item: the item protection “Read Only” setting. This setting is much more powerful than removing write access to the item; watch this video to find out […]
In this episode we look at the recent hack that happened to over 28,000 Mongo databases and the importance of setting up login authentication on the database. Mongo by default installs without a login enabled and it is important to remember to enable that whether an instance is publicly exposed or sitting on an internal […]
Friday Sitecore Best Practice: Stay Secure by Disabling the Admin Account and Encrypting All CMS Traffic
This is a very important, I would say essential, episode on security! In this video we cover a couple of tips on security. First, we look at the reasons why we want to disable the admin account to decrease the risk of someone hacking that account. Second, we cover the importance of […]
In this episode we look at the danger of copying the Data folder to the Sitecore IIS root folder, Website. It seems obvious from the sidelines; however, this is done way too often to fix the “missing license” error that Sitecore throws if the “dataFolder” setting hadn’t been updated to point to the proper location of […]
In this episode we talk about the importance of changing the Media.RequestProtection.SharedSecret setting and the possible consequences that await you if you don’t.
The UploadWatcher monitors the \Website\upload folder and uploads files placed in it into the Media Library. While this can be very handy in Content Management environments (for instance, having pictures automatically copied into the \Website\upload folder by a script), it may cause a security risk in publicly accessible Content Delivery environments, therefore, it must be […]