The Unknown AxCMS.net Security Option

by dan 5. November 2009 11:31

Whenever you check the SQL Databases for AxCMS.net, you will wonder that all passwords are stored in clear text by default.

As this should be no option for productive systems there is an fairly unknown security option described in the AxCMS.net help files:

  • EncryptPasswordsMS
    This option will encrypt all passwords on management system if set to 1

  • EncryptPasswordsLive
    This option will encrypt all passwords on live system if set to 1

Both options need to be defined in the web.config files: the MS web.config has to define both entries, while the LS web.config only has to state the EncryptPasswordsLive key.

The only thing I wonder about: If we have such a fine configuration that enables a higher security level at absolutely no costs: Why isn´t it set in default web.config files?

Tags:

Submit to DotNetKicks...
Permalink | Comments (0)

Comments

Add comment




  Country flag

biuquote
  • Comment
  • Preview
Loading



Dan Wucherpfennig - AxCMS.net evangelist

Dan Wucherpfennig is an IT consultant employed at EDV-Partner (http://www.edvpartner.de), a Hamburg based system integration and consulting company. 

Having many years of experience in developing projects with AxCMS.net, Dan has been awarded as an AxConsultant during the AxDays 2008.

Calendar

<<  July 2010  >>
MoTuWeThFrSaSu
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678

View posts in large calendar