1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Secure entire site

Secure entire site

4 posts, 0 answered
  1. Eric
    Eric avatar
    147 posts
    Registered:
    12 Nov 2007
    15 Nov 2011
    Link to this post
    I want my entire website to be secure, both frontend and backend pages. I could go through each of the pages and set the flag to require SSL but that's a lot of work. Any issue with just doing it directly in the database (other than it's probably considered taboo).

    Are there any known issues with making all the backend pages secure? Alternatively, I could just make the frontend pages secure because those are the ones I'm most concerned about, but figured while I'm at it, I may as well make them all secure.

    UPDATE sf_page_data SET require_ssl = 1

    I'm not concerned about the overhead on the web server of encrypting pages.

    Thanks,
    Eric
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    16 Aug 2017
    18 Nov 2011
    Link to this post
    Hello Eric,

    You can set the RequireSSL property for all pages using our Pages API
    Please find below a code sample I've prepared for you which should accomplish this task:
    App.WorkWith().Pages()
                              .Where(p => p.Page != null)
                               .ForEach(p =>
                                           {
                                               p.Page.RequireSsl = false;
                                           }).SaveChanges();
    unless explicitly specified PageLocation (e.g. .LocatedIn(Telerik.Sitefinity.Fluent.Pages.PageLocation.Backend) the code will travrse through all pages and set their RequireSSL property to true.. As an alternative approach I believe you might find this blog post we have recently released, useful. If you need some additional information, do not hesitate to let us know.

    All the best,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Tim
    Tim avatar
    258 posts
    Registered:
    22 Jun 2011
    21 Nov 2011
    Link to this post
    Eric,

    Can I ask why you're looking to do that in the first place? Keep in mind that requiring SSL won't make your site more secure, simply the connection that the user has to your server. If you're currently running anything that may pose a security risk, it'll still be a security risk after the proposed modifications are made. Also, you may be alright with your server having a bit more processing to do but your users will feel it too as content delivered via SSL isn't (isn't supposed to be...) cached.

    Login pages, backend pages and anything with sensitive data should be the only thing that you would need to require SSL for.

    Either way, good luck!
  4. Eric
    Eric avatar
    147 posts
    Registered:
    12 Nov 2007
    21 Nov 2011
    Link to this post
    I disagree with your statement that it won't make the site more secure. It reduces the chances of session hijacking and man-in-the-middle attacks. The site would still be vulnerable to other attacks.

    But that's not the reason. This would be in an attempt to reduce the likelihood of running into the confirmed Sitefinity bug that causes Internet Explorer to show the "This page cannot be displayed" error page when being redirected from an HTTPS to an HTTP page. If all the pages on the site are on HTTPS, I would never redirect to a page over HTTP and thus avoid this bug.

    I hope they fix this bug in 4.4.

    Eric
4 posts, 0 answered