Try Now
More in this section

Forums / Security / HTTP vs HTTPS security error in admin interface

HTTP vs HTTPS security error in admin interface

2 posts, 0 answered
  1. Greg
    Greg avatar
    2 posts
    02 Jun 2010
    02 Nov 2010
    Link to this post

    I am reporting a potential security issue with the SiteFinity Administrative Interface.  The Frame from the bottom left corner of the SiteFinity Administration page is delivered via HTTP instead of HTTPS.   (This is the box that has the "Set Home Page", "Move Page Up"  and other options).  The frame has administrative capabilities that could be misused to alter the homepage.  The frame should be delivered via HTTPS with the rest of the admin control modules.  My client is using SiteFinity version 3.5.1747.

                Does SiteFinity have a bug reporting site that we could work with to get this issue resolved? 

               Has this issue possibly fixed in future versions?

    Any information would be greatly appreciated
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    25 Oct 2016
    03 Nov 2010
    Link to this post
    Hi Greg,

    The section you are referring uses LinkButton control which does not have a property that allows you to navigate to another page or view. The control has CommandName which value we use to execute certain operations inside SiteMapPanel control.

    You can force using SSL certificate for the entire backend by setting it over "Sitefintiy" folder through IIS server settings.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered