What kind of Security In Built in Kentico

 Question :- What kind of Security In Built in Kentico?

Answer :-


Kentico provide following kind of in-built securities.
(a)Users are allowed to use only strong and complex passwords. You can enable the Use password policy setting in Settings -> Security & Membership -> Passwords.

(b). The passwords are stored in a strong and secure format. Recommended option is SHA2 with salt. You can set password format in Settings -> Security & Membership -> Passwords -> general group.

(c ). The number of allowed invalid logon attempts is limited. You can set the limit in Settings -> Security & Membership -> protection in the Invalid logon attempts group.

(d). File types that can be uploaded to the system are restricted. You can specify which extensions are allowed for uploaded files in general, including forms in Settings -> System -> Files in the Security group.

(e). UI personalization for specified roles is set correctly to prevent users from accessing unnecessary user interface. You can configure UI personalization in the UI personalization application.

(f). You have consider if autocomplete function is needed. Autocomplete can be enabled in Settings -> Security & Membership -> Protection -> General group.

(g).Forms are secured with CAPTCHA (spam protection control).

(h). Encrypted Internet connection (HTTPS) is configured properly.

(i). Directory listing is disabled in the website and web servers.

(j). All HTTP methods except GET and POST are disabled if they are not in use.

(j).Sensitive sections of the web.config file are encrypted (mainly the connection string).

(k). Access to sensitive directories is forbidden to protect the servers against the enumeration attack.

(l). Cookieless authentication is disabled to prevent session hijacking. This can be done by changing the cookieless attribute of the form element.

Comments

Popular posts from this blog

OutSystems – A Low-code Development Platform

What is difference between Azure Cognitive Search and Elastic Search

failed to access iis metabase asp.net