Security Analyzer inconsistencies
New Post
7/26/2017 7:16 PM
 
I'm a bit confused as to why we have to set this? It's not referenced in any other documentation or existing configuration I've seen. Also, according to their configuration on that page linked, the default behavior sounds more secure than setting a constant value. Wouldn't setting a constant key introduce reduced security by making it possible for someone to get their hands on the key versus an always changing key?

Telerik.Web.UI.DialogParametersEncryptionKey—lets you set a static key that RadEditor will use when deserializing its dialog parameters. By default, this key is randomly generated each time the application recycles.
 
New Post
7/26/2017 7:39 PM
 

Ash Prasad,

 

I used your example to clear the problem, but since Telerik.AsyncUpload.ConfigurationEncryptionKey was already in the web.config I replaced it with the one the error was calling out as missing.

<add key="Telerik.Web.UI.DialogParametersEncryptionKey" and slightly modified the value = of the Telerik.AsyncUpload.ConfigurationEncryptionKey  (guid)

the same with

 

<add key="Telerik.Upload.ConfigurationHashKey" value

Cleared cache & restarted application, reran analyzer, and it cleared the error.

Thanks

 

 
New Post
7/26/2017 8:06 PM
 

I am not 100% sure on this - but this is needed when running in a web farm scenario. If each web head generates its own keys at startup then it will cause collisions - a key from one web head won't match with the others. In such cases one must use the key from web.config, which is shared among all the web heads.


Ash Prasad
Director of Engineering
DNN Corp.
 
New Post
7/26/2017 8:47 PM
 
We don't operate in a web farm, they're just standalone websites on a single IIS server. We're going to have to go through a testing and validation phase to add this setting to ensure it doesn't cause any issues so we can make the validator give us a green check mark.
 
New Post
8/2/2017 3:06 PM
 
FYI for those following this, DNN has put out SecurityAnalyzer 8.1.1 that will add this key to your web.config automatically if it's missing.

https://github.com/DNNCommunity/Secur...
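
An added example, not code from any poster, from DNN or from Telerik: a check over web.config for the three appSettings keys named in this thread. It reports a key as missing, shorter than a length floor, or nearly identical to another key's value, and includes a generator for independent random values. The length floor, the similarity threshold and the sample web.config are constructed assumptions.

```python
import secrets
import xml.etree.ElementTree as ET
from difflib import SequenceMatcher

# The three appSettings keys named in this thread.
TELERIK_KEYS = (
    "Telerik.Web.UI.DialogParametersEncryptionKey",
    "Telerik.AsyncUpload.ConfigurationEncryptionKey",
    "Telerik.Upload.ConfigurationHashKey",
)
MIN_LEN = 32          # assumption: local policy floor, not a value from the thread
MAX_SIMILARITY = 0.8  # assumption: above this, one value counts as derived from another

def audit_web_config(xml_text):
    """Return a sorted list of (key, finding) tuples for the Telerik keys."""
    root = ET.fromstring(xml_text)
    settings = {a.get("key"): a.get("value", "")
                for a in root.findall("./appSettings/add")}
    findings = []
    for key in TELERIK_KEYS:
        if key not in settings:
            findings.append((key, "missing"))
        elif len(settings[key]) < MIN_LEN:
            findings.append((key, "too short"))
    # Compare every pair of configured values; independent random keys share little.
    present = [k for k in TELERIK_KEYS if settings.get(k)]
    for i, a in enumerate(present):
        for b in present[i + 1:]:
            ratio = SequenceMatcher(None, settings[a], settings[b]).ratio()
            if ratio > MAX_SIMILARITY:
                findings.append((b, "near-copy of " + a))
    return sorted(findings)

def new_key():
    """64 hex characters from the OS CSPRNG, independent on every call."""
    return secrets.token_hex(32)

# Constructed sample: the second value is the first GUID with one character
# changed, and the third key is absent.
SAMPLE = """<configuration><appSettings>
  <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="3f2b8c1e-7a4d-4e59-9b60-1c2d3e4f5a6b" />
  <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="3f2b8c1e-7a4d-4e59-9b60-1c2d3e4f5a6c" />
</appSettings></configuration>"""

if __name__ == "__main__":
    for key, finding in audit_web_config(SAMPLE):
        print(f"{key}: {finding}")
```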
 