umbraco Forum » Misc » Misc » Security

Security Options
Previous Topic · Next Topic
neskire
Posted: Monday, November 24, 2008 3:04:11 PM
Rank: Newbie

Joined: 6/6/2008
Posts: 4
Location: Denmark
Hi all,

Is there any guidelines to good security in umbraco ?

I am thinking in terms of access to xslt-files and such.

If I do a:

http://www.umbraco.org/documentation/books/hide-debugging-features-for-production-systems?
umbDebugShowTrace=True

or a:

http://www.umbraco.org/documentation/books/hide-debugging-features-for-production-systems?umbDebug=True

I get all the information on macro-names, and from there I can go to the xslt-folder:

http://www.umbraco.org/xslt/BookInfo.xslt

Couldn't this potentially be used to sniff out information about my backend, at least if I had made a backend, that exposed critical information?


--
Best regards
Neskire
Back to top
 
drobar
Posted: Monday, November 24, 2008 5:23:54 PM

Rank: Umbracoholic

Joined: 9/8/2006
Posts: 1,831
Location: MA, USA
I suppose it's possible so if you're concerned about it you should follow the advice in http://www.umbraco.org/documentation/books/hide-debugging-features-for-production-systems.

This is also a handy page that talks about setting the debug="false" flag in the web.config and why you would want to do that for a production site. http://www.aspnetresources.com/articles/debug_code_in_production.aspx

cheers,
doug.
MVP 2007-2009 - Percipient Studios
Back to top
 
Users browsing this topic
Guest

umbraco Forum » Misc » Misc » Security


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.