Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Skins, Themes, ...Skins, Themes, ...Why add a "dnn_" prefix to all idWhy add a "dnn_" prefix to all id's?
Previous
 
Next
New Post
11/25/2008 3:18 AM
 
Harry -


Joined: 5/8/2006
Posts: 168

Just curious why DNN is adding a "dnn_" previx to all id's?

EXAMPLE: <div id="dnn_LeftNav" class="LeftNav">

I am a bit hesident in showing DNN stuff though out the source code as hackers can easily find out that the site is using DNN & then look around for exploits.

Is this done for a particular reason or is it just a branding thing?
 
New Post
11/25/2008 4:08 AM
 
Erik van Ballegoij


Erik van Ballegoij's Avatar

erikvanballegoij.com
Joined: 4/7/2004
Posts: 4445

i am not completly sure, but i think you can change that by changing the prefixes in the skin's ascx files

Erik van Ballegoij, Former DNN Corp. Employee and DNN Expert

DNN Blog | Twitter: @erikvb | LinkedIn: Erik van Ballegoij on LinkedIn
 
New Post
11/25/2008 10:13 AM
 
Jeff Cochran


Joined: 6/3/2005
Posts: 2799

Good programming.  Identifies controls quickly as DNN or not.  Hackers don't care if your site is running DNN, can find out in many other ways and whether or not it's running DNN doesn't introduce any specific security issues.

Jeff
 
New Post
11/25/2008 11:12 AM
 
Harry -


Joined: 5/8/2006
Posts: 168

Thanks Erik & Jeff for your answers :)

Jeff can you please explain why this is considered good programming? To me it makes skinning harder (as only some id's are prefixed with dnn_) & I really don't like the idea of the general public knowing what software is being used because all software is prone to exploits.

I know if I was trying to hack a website the first thing I would do is try to identify the software being used so I could look for expolits in it. If I found the software had not been patched to resolve known exploits I would then try to take advantage of the exploit.

One good example of this was when Joomla 1.5 had a serious exploit & everyones Joomla website got hacked if they were not smart enough to patch it straight away - see: http://milw0rm.com/exploits/6234

Now I have to also say that DNN has a great security policy where they do not talk publicly about known exploits, but as most people saw/read not so long ago sometimes people can do the wrong thing & release details of the exploit to the public. Now if I were running older versions of DNN I would be worried that people could find my unpatched DNN site (just like they did with Joomla sites not so long ago) - they could then take advantage of any previous exploits that they know about.

I have also checked these sites & they seem to limit branding thier code:

http://www.umbraco.org

http://www.kentico.com

http://www.ektron.com

http://www.adxstudio.com

http://www.sitefinity.com

I know DNN takes their security very seriously (thats why we use it) but would be interested to know other peoples thoughts on this matter are.
 
New Post
11/25/2008 11:38 AM
 
es mamlin


Joined: 3/28/2006
Posts: 733

As Jeff said, there are plenty of ways to determine if a site is running DNN.  I would not worry at all about having "DNN" appear within my page's code.

PREFIX = NAMESPACE
Addding the prefix helps to create a DNN "namespace" for the DNN elements so that the DNN elements' ID values don't step on (or get stepped on by) other user-added elements.

Example: If there was a DNN element with ID "menu" it would become "DNN_menu" which would be very helpful in a case where you added your own javascript menu inside of a TEXT/HTML module and gave your javascript menu an ID value of "menu".


Also I presonally like adding prefixes for the reason Jeff mentioned:  it makes it very easy to identify what elements belong to what system/subsystem.  By making system/element association identification easy, you make it easy to troubleshoot issues and easy for future development.

esmamlin atxgeek.me
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Skins, Themes, ...Skins, Themes, ...Why add a "dnn_" prefix to all idWhy add a "dnn_" prefix to all id's?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out