Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Security Analyzer incosistenciesSecurity Analyzer incosistencies
Previous
 
Next
New Post
7/26/2017 7:16 PM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45
I'm a bit confused as to why we have to set this?  It's not referenced in any other documentation or existing configuration I've seen.  Also according to their configuration on that page linked the default behavior sounds more secure than setting a constant value.  Wouldn't setting a constant key introduce reduced security by making it possible for someone to get their hands on the key versus an always changing key?








Telerik.Web.UI.DialogParametersEncryptionKey—lets you set a static key that RadEditor will use when deserializing its dialog parameters. By default, this key is randomly generated each time the application recycles.
 
New Post
7/26/2017 7:39 PM
 
Patrick McKnight


Joined: 8/1/2012
Posts: 29

Ash Prasad,

 

I used your example to clear the problem but since Telerik.AsyncUpload.ConfigurationEncryptionKey was already in the web.config I replaced it with the error was calling as missing.

<add key="Telerik.Web.UI.DialogParametersEncryptionKey" and slightly modified the value = of the Telerik.AsyncUpload.ConfigurationEncryptionKey  (guid)

the same with

 

<add key="Telerik.Upload.ConfigurationHashKey" value

Cleared cache & restarted application reran analyzer and it cleared the error.

Thanks

 
 
New Post
7/26/2017 8:06 PM
 
Ash Prasad

Ash Prasad's Avatar

Joined: 9/18/2009
Posts: 310

I am not 100% sure on this - but this is needed when running in a web farm scenario. If each web head generate their own keys at startup then it will cause collisions - a key from one web head won't match with other. In such cases one must use the key from web.config, which is shared among all the web heads.

Ash Prasad
Director of Engineering
DNN Corp.
 
New Post
7/26/2017 8:47 PM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45
We don't operate in a web farm, they're just stand alone websites on a single IIS server. We're going to have to go through a testing and validation phase to add this setting to ensure it doesn't cause any issues so we can make the validator give us a green check mark.
 
New Post
8/2/2017 3:06 PM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45
FYI for those following this DNN has put out SecurityAnalyzer 8.1.1 that will add this key to your web.config automatically if it's missing. 

https://github.com/DNNCommunity/Secur...
 
 Page 2 of 2
Previous12 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Security Analyzer incosistenciesSecurity Analyzer incosistencies


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out