Welcome Guest! To enable all features please
Login or Register.
I noticed that during install I am required to grant the web process permissions to commit the database upgrade password to the app.config. Is there anyway that this can be moved to the DB in the future?
1. This simplifies permissions required to setup the forums
2. Reduces surface area of attacks from a security standpoint
Thanks
I noticed that during install I am required to grant the web process permissions to commit the database upgrade password to the app.config. Is there anyway that this can be moved to the DB in the future?
1. This simplifies permissions required to setup the forums
2. Reduces surface area of attacks from a security standpoint
Thanks
One other thing, I deploy YAF to a web farm and this breaks my web farm since it's only committed to a single server.
DB is not a great option either. But I'm open to other suggestions.
I noticed that during install I am required to grant the web process permissions to commit the database upgrade password to the app.config. Is there anyway that this can be moved to the DB in the future?
1. This simplifies permissions required to setup the forums
2. Reduces surface area of attacks from a security standpoint
Thanks
One other thing, I deploy YAF to a web farm and this breaks my web farm since it's only committed to a single server.
Just copy the app.config. Not sure how it "breaks" everything given its only needed when you run /install.
Edited by user
2008-05-27T15:26:08Z
|
Reason: Not specified
I noticed that during install I am required to grant the web process permissions to commit the database upgrade password to the app.config. Is there anyway that this can be moved to the DB in the future?
1. This simplifies permissions required to setup the forums
2. Reduces surface area of attacks from a security standpoint
Thanks
One other thing, I deploy YAF to a web farm and this breaks my web farm since it's only committed to a single server.
Just copy the app.config. Not sure how it "breaks" everything given its only needed when you run /install.
I was trying to install the beta and pressed enter by accident without filling in the entire install form. An exception was thrown.
I went back and and did the install again. Which bounced me to my other server. I did the copy of the app.config which fixed it and finished install.
I think there is a bug because I looked at the app.config file and the configPassword had the same hash multiple times separated by a comma.
Also, I'm not sure why putting the password in the DB is not a good option. The only way to get to the DB is to compromise the SQL server in which if I have done that, I can get the nessecary password information (salt and hash) to the administrator account anyways
I too had this I fixed it by going into windows explorer and right slicking the app.config and giving full control to the ASPNET user under the security tab.
[url=http://craigwhiteman.blogspot.com.au/]Capt. ArkCAW HonourNRespect- Need an Ark? I Noah Guy![url]
Forum Jump
- You cannot post new topics in this forum.
- You cannot reply to topics in this forum.
- You cannot delete your posts in this forum.
- You cannot edit your posts in this forum.
- You cannot create polls in this forum.
- You cannot vote in polls in this forum.
Important Information:
The YAF.NET Support Forum uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close