DNN 6.01 security error in Admin/Site Settings
New Post
8/30/2011 5:38 AM
 
I am new to DNN, so I have seen this behavior only in 6.01:

While testing some things in 6.01 while logged in as "host", I discovered that pasting /Admin/SiteSettings.aspx into another web browser, which is NOT logged in to the DNN system, not only renders the page, but also accepts any changes made (even though the user is not logged in)!

I have tried all the other entries in the Admin section - they all show the Login.aspx page, which is correct. Only the sitesettings.aspx is faulty. Please fix this ASAP. A workaround for this security fault is deleting the file \DesktopModules\Admin\Portals\sitesettings.ascx from the production web server. (The www.dotnetnuke.com website is not in danger - I have tried it. :)

Other entries in the Host and other Edit mode sections appear OK.
 
New Post
8/30/2011 3:52 PM
 
Hi Aljaz,

Thanks for pointing out a potentially serious issue. A couple people at DotNetNuke Corp. have tried to reproduce this issue with no success.

Is it possible that you had multiple windows of the same browser open? In this situation the browser will almost always share cookies between the different windows. Effectively that means that when logged in in one window, you are logged in in all windows of the same browser.

If that was not the case, did you edit anything in the web.config file?
 
New Post
8/30/2011 4:15 PM
 
It was a different browser, not only a different instance of the same one. Also, it was in anonymous mode (not logged in). The user is not logged in (LOGIN | REGISTER).

I did edit the web.config - but only the SQL connection string (using SQL authentication). No other changes were done.

There were changes to the ASCX skin files and some changes to CSS files, but only in the Portal portion, none in the Admin portion of the system.

I have a 6.01 upgrade installation (I upgraded 6.01 over 6.0, and the 6.0 was a clean install).

I will have this in mind and will report back, if and when I find the culprit...
 
New Post
8/30/2011 8:15 PM
 
For me, it goes to the Login window.
 
New Post
10/3/2011 6:09 AM
 
For me too, login window.

This post was a result of a search of a fault I have on my side.

Admin account cannot make changes to the Site Settings, but the host can.
I have several parent portals in the same DNN instance but none of the admin accounts can make site setting changes. They can change their profile information though.

Anyone have ideas?
Regards
Warren,
Oh, I'm running DNN 6.0.1 and this is the first time I've had this error in the 4 years I've been using DNN
 