The Unknown AxCMS.net Security Option

by dan 5. November 2009 11:31

Whenever you check the SQL Databases for AxCMS.net, you will wonder that all passwords are stored in clear text by default.

As this should be no option for productive systems there is an fairly unknown security option described in the AxCMS.net help files:

  • EncryptPasswordsMS
    This option will encrypt all passwords on management system if set to 1

  • EncryptPasswordsLive
    This option will encrypt all passwords on live system if set to 1

Both options need to be defined in the web.config files: the MS web.config has to define both entries, while the LS web.config only has to state the EncryptPasswordsLive key.

The only thing I wonder about: If we have such a fine configuration that enables a higher security level at absolutely no costs: Why isn´t it set in default web.config files?

Tags:

Submit to DotNetKicks...
Permalink | Comments (0)

Comments

Add comment




  Country flag

biuquote
  • Comment
  • Preview
Loading



Dan Wucherpfennig - AxCMS.net evangelist

Dan Wucherpfennig is an IT consultant employed at EDV-Partner (http://www.edvpartner.de), a Hamburg based system integration and consulting company. 

Having many years of experience in developing projects with AxCMS.net, Dan has been awarded as an AxConsultant during the AxDays 2008.

Calendar

<<  February 2012  >>
MoTuWeThFrSaSu
303112345
6789101112
13141516171819
20212223242526
2728291234
567891011

View posts in large calendar