Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DotNetNuke and FIPS compliance?DotNetNuke and FIPS compliance?
Previous
 
Next
New Post
4/20/2012 8:25 AM
Accepted Answer 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172
Leith Tussing wrote:
I found the answer to this question once we finally purchased DNN Pro, it would have been nice to have known this before to help guide us better.

Strictly with respect to the use of MD5 in the caching provider, it would  be a trivial modification to create a custom provider that utilized SHA over the existing algorithm.  The use of the hash here is only superficially security-related, and was added to (i) ensure valid filenames and (ii) prevent naming collisions (which does remain a security consideration).  

I'll submit a work item for this issue, but just wanted to point out that the continued use of CE remains a possibility.  However, there are a number of uses of MD5 within the core itself that remain problematic (for all editions).

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post
4/20/2012 5:38 PM
 
Program Manager for Ammuntion United States Marine Corps


Joined: 4/20/2012
Posts: 4
Leith now I have access to the support/KB articles. I have looked at Articles 108 & 109 Do you by any chance know the Article ID that deals with details of disabling the FileBasedCaching and enabling the WebBasedCaching. Is this an installation (PE) time option or is it something we can configure using host/admin settings.
We looked at the various "Caching" options under Host Settings/Performance Settings but don't see "WeBasedCaching" as an option we only see "File/Database/Memory".

Once again thanks a lot for your help.
 
New Post
4/20/2012 5:40 PM
 
Program Manager for Ammuntion United States Marine Corps


Joined: 4/20/2012
Posts: 4

Leith now I have access to the support/KB articles. I have looked at Articles 108 & 109 Do you by any chance know the Article ID that deals with details of disabling the FileBasedCaching and enabling the WebBasedCaching.  Is this an installation (PE) time option or is it something we can configure using host/admin settings.
We looked at the various "Caching" options under Host Settings/Performance Settings but don't see "WeBasedCaching" as an option we only see "File/Database/Memory".  Not sure if this is the correct option that we need to change.

Once again thanks a lot for your help.

 
New Post
4/21/2012 10:21 AM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45
I actually believe it is the default provider in DNN PE, so just running it will use the FIPS version.

If you're still running into problems what are they?
 
New Post
4/22/2012 12:55 PM
 
Sabaratnam Selvarajah


Joined: 9/19/2011
Posts: 19
Leith,First of all we are currently running under DNN 5.2.2.75 and are awaiting approval to upgrade to a higher version due to strict regulatory requirements. Not sure if we have to be at a higher DNN PE version to default to the WebBasedCacahing algorithms.The error we are getting seems to be confined only to some of our pages that use some of our custom modules. One page in particular is using a custom module to read an external XML file to populate an unordered list of links pretty much like the DNN's Links module except that the URLs are held in an XML file. The error message when run with FIPS enabled is the usual "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms". The Event Log seems to point to the method "System.Security.Cryptography.MD5CryptoServiceProvider..ctor".I am not sure if the problem is due to accessing an external file(path / name). I am using an external file since the same file is used for other legacy apps as well and wanted to avoid duplication. Basically we are looking for workarounds available to DNN 5.2.2.75 users to be FIPS compliant.
 
 Page 2 of 3
Previous123Next 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DotNetNuke and FIPS compliance?DotNetNuke and FIPS compliance?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out