Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0SSL Security and DotNetNukeSSL Security and DotNetNuke
Previous
 
Next
New Post
1/11/2007 11:47 AM
 
David Snow


www.AgingSafely.com
Joined: 9/18/2006
Posts: 226

Not sure about the answer to that. I have a shared hosting account at GoDaddy.com. I assume that others on the same server may also have SSL certs as well. Godaddy did move me to a dedicated IP address as part of installing the SSL cert.

While I have several portals I only planned on the SSL cert working on the primary port and maybe child portals since they would each be under the same URL.

I have exchanged emails with the provider of the SSL Module and he has been very helpful. As I remember I posted my question on Snowcovered.com or possible the provider's website.

/Dave S
 
New Post
1/11/2007 12:03 PM
 
Néstor Sánchez


www.nestorsanchez.net
Joined: 11/15/2003
Posts: 1986
mattchristenson wrote

I am not concerned with the data after it has made it too my site, what I am concerned with is that when the user types their credit card information in the submit form, that the information would be trasfered as clear text to my server where it could then get encrypted and saved.  Not being able to support this on multiple portals on the same DNN application seems to me to be a critical flaw in the DNN core architecture. 

Encryption of data is supposed to be implemented by your solution. So of course you need to use SSL to ensure that it travels encrypted from the client to the server. The actual issue here is supporting multiple certificates when multiple host headers are used in IIS. This is not possible and has nothing to do with Dotnetnuke.

To use SSL certificates for multiple site within Dotnetnuke, create one website in IIS for each DNN site and point it to the dotnetnuke install. Then apply the certificate accordingly.

Do you know the truth when you hear it?
Néstor Sánchez
The Dúnadan Raptor -->Follow Me on Twitter Now!
 
New Post
1/11/2007 2:29 PM
 
Matthew Christenson

Joined: 10/19/2006
Posts: 164
hooligannes 2.0 wrote
 mattchristenson wrote

I am not concerned with the data after it has made it too my site, what I am concerned with is that when the user types their credit card information in the submit form, that the information would be trasfered as clear text to my server where it could then get encrypted and saved.  Not being able to support this on multiple portals on the same DNN application seems to me to be a critical flaw in the DNN core architecture. 

 

Encryption of data is supposed to be implemented by your solution. So of course you need to use SSL to ensure that it travels encrypted from the client to the server. The actual issue here is supporting multiple certificates when multiple host headers are used in IIS. This is not possible and has nothing to do with Dotnetnuke.

To use SSL certificates for multiple site within Dotnetnuke, create one website in IIS for each DNN site and point it to the dotnetnuke install. Then apply the certificate accordingly.

This is an interesting idea that I hadn't thought of - creating one website in IIS for each DNN portal and pointing it to the same DotNetNuke install.  I wonder though, how will this affect performance?  If each website is set to run in the same IIS application group then will shared components work propertly and not execute multiple times?  The Application Started and Application Ended events in Global.asax for example, will they be executed once for each IIS website that points to the same path? 

Also, having multiple portals where at least one is always active means that all of them remain started and ready to serve pages; will hosting each portal in its own IIS website mean that each goes idle and unloads from memory independantly of others?

If someone knows the answer to this, it would be very helpful - I've spent over 12 hours researching how to secure the site properly...  This is all time that I didn't ancicipate having to spend; I thought that SSL would have been a key development concern from version one, and never put any thought into it durring my product development, now I'm getting close to launch time.
 
New Post
1/12/2007 11:30 AM
 
Néstor Sánchez


www.nestorsanchez.net
Joined: 11/15/2003
Posts: 1986
A new instance of the DNN dll is generated per IIS site that points to the same DNN install. I believe that, in practice, this means that each site will behave like an entirely independent app.
Do you know the truth when you hear it?
Néstor Sánchez
The Dúnadan Raptor -->Follow Me on Twitter Now!
 
New Post
1/12/2007 4:48 PM
 
Matthew Christenson

Joined: 10/19/2006
Posts: 164

hooligannes 2.0 wrote
A new instance of the DNN dll is generated per IIS site that points to the same DNN install. I believe that, in practice, this means that each site will behave like an entirely independent app.

This sounds to me like a critical flaw in DNN Security/Performance, again, If I understand everything correctly, it is IMPOSSIBLE to have a single running DNN Application instance run multiple portals where each portal has its own host header and is able to accept credit card payments securely.

Could somebody please confirm / deny this statement?
 
 Page 2 of 4
Previous1234Next 
Previous
 
Next
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0SSL Security and DotNetNukeSSL Security and DotNetNuke


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out