Home > DNN Open Source > Module Forums > Repository > Security Vulnerabilities
1/2/2006 7:48 PM
 

Repositories allow you to select any directory on the hard drive. This means a portal administrator can point directly to the system directory or another portal. It really needs to be restricted to directories in the portal.

 

 
1/2/2006 8:42 PM
 
That's been fixed in the next release. Only the host will be able to change the directory of the repository.
 
1/2/2006 9:40 PM
 

Great news. But that means all of the portals will share the same repository? Are there any security problems between portals?

Also, do you recommend moving the repository outside the DotNetNuke directory? If the repository is under DotNetNuke then it will have read permissions by specifying the url. It seems that the Security Settings in File Manager do not apply if you bypass the application framework. (Even if you take read permissions off in IIS, you would have to do it for every parent portal which is a management nightmare.)

 
1/2/2006 11:18 PM
 
I'll have to double check the latest build to see exactly how Steve did it, but I think he just hid that section from anyone other than the host account. The repositories by default will still be under Portal#/Repository. You're right that in reality the repository shouldn't be allowed outside of the DNN install at all. I think, and Steve would have to verify, that the ability to put the path in there was based on a request from his old forum on the Gooddogs site.
 
1/3/2006 8:59 AM
 

Maybe the Repository should be outside the portal. I tested and it handles multiple portals and separates the files just fine.

If the Repository is outside the portal, and even outside of the website files, it can be completely hidden from URL searches. Otherwise, you would have to remove Read properties from every web that is defined on the server (that could be hundreds of webs x hundreds of Repositories).

The only problem I see with putting the Repository outside the web is that it would not be included in the portal disk quota. But unless there is a way to automatically secure the folder from url browsing then it may be a better solution. (I think, one way or the other, url security has to be addressed in the core so private folders are truly private.)
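The restriction requested in the first post (a repository folder confined to the portal's own directory), sketched as an added example that is not part of the thread and is not DNN or Repository module code. `RepositoryPathGuard`, `portalHome`, `requested` and the sample paths are hypothetical names and constructed values.

```csharp
using System;
using System.IO;

// Added example: hypothetical helper, not a DNN or Repository module API.
public static class RepositoryPathGuard
{
    // Returns the canonical repository folder when it lies inside portalHome,
    // otherwise throws. Relative input is resolved against portalHome.
    // The check is lexical: it does not follow NTFS junctions or symlinks.
    public static string Resolve(string portalHome, string requested)
    {
        char sep = Path.DirectorySeparatorChar;
        char alt = Path.AltDirectorySeparatorChar;

        string root = Path.GetFullPath(portalHome).TrimEnd(sep, alt) + sep;

        // Path.Combine discards root when 'requested' is rooted, so an absolute
        // value is canonicalised and compared as entered. GetFullPath collapses
        // any ".." segments before the comparison.
        string full = Path.GetFullPath(Path.Combine(root, requested));

        // Compare with a trailing separator so Portals\1 does not match Portals\10.
        string probe = full.TrimEnd(sep, alt) + sep;

        // Assumption: case-insensitive file system (default NTFS behaviour).
        if (!probe.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException(
                "Repository folder must be inside the portal home directory.");

        return full;
    }

    public static void Main()
    {
        // Constructed sample values for illustration.
        string home = @"C:\inetpub\DotNetNuke\Portals\1";
        string[] candidates =
        {
            "Repository",                                   // inside the portal
            @"..\2\Repository",                             // another portal
            @"C:\Windows\System32",                         // system directory
            @"C:\inetpub\DotNetNuke\Portals\10\Repository"  // sibling sharing a prefix
        };

        foreach (string c in candidates)
        {
            try { Console.WriteLine("ALLOW  " + Resolve(home, c)); }
            catch (UnauthorizedAccessException) { Console.WriteLine("REJECT " + c); }
        }
    }
}
```

Run on Windows, only the first candidate is allowed. The check needs to be enforced server-side when the setting is saved and again when the folder is used, since hiding the field from non-host accounts does not validate a value that is already stored.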

 