
How to change the terms of use and privacy statement in a DotNetNuke website April 20, 2008

Posted by fofo in DOTNETNUKE.

Lots of people use DNN to build their personal and commercial websites. One question I often get is how to change the “Terms of Use” and “Privacy Statement”, the two links that usually appear at the bottom of the page. By default they contain “standard” content. Obviously people want to type their own text.


So, in order to edit the Privacy and Terms:

  1. Log in to your portal as Host.
  2. Go to Host / Languages and then click on Language Editor.
  3. You will be presented with a list of templates you can edit.
  4. Scroll down until you find MESSAGE_PORTAL_PRIVACY.Text and MESSAGE_PORTAL_TERMS.Text.
  5. Click on the arrow to the right-hand side of the text box; the Text Editor will open, and you can type whatever you want.

Hope it helps!!!

Disable Inline editing in DotNetNuke April 18, 2008

Posted by fofo in DOTNETNUKE.

One question I often get in DotNetNuke seminars is how to disable the inline editing that allows us to edit module titles and Text/HTML module contents by clicking on them in the browser window and typing. That is a great feature for some people, but others just do not like it. Disabling it is really simple. Log in as Admin, then click Admin in the menu. Click Site Settings and scroll down until you find the Advanced Settings. Expand the node and then click on the Usability Settings. Expand that node, uncheck the “Inline Editor Enabled?” option and click Update. That is all!

DNN Security tips September 20, 2007

Posted by fofo in DNN Security.

Many people who build their portals using a version of DotNetNuke need to find ways to protect their portals from hackers and malicious users.

  1. Secure data from unauthorised users

This can be achieved by setting the appropriate permissions for every user. We can choose the pages that we want certain people to see. For example, only those who have registered can look at the “forthcoming events”.

  2. Prevent hacking

  • Social hacking

Kevin Mitnick used to call a company, pretending that he was a former employee, and ask for some information.

Many times he managed to get people to give him usernames and passwords.

DNN cannot do anything about other administrators or registered users of the portal who give out their sensitive data. You can only alert them to the dangers of social hacking.

  • Brute force hacking

This is also called dictionary hacking. A hacker uses a program that tries to get into a site using a known username. The passwords it tries come from a dictionary of passwords. The best way to protect yourself is to have a policy in place that enforces a complicated password. Also, always remember to change the host and admin usernames and their respective passwords. The way to change the admin user is this:

  1. Log in as host.
  2. Add a new user who has an administrator role.
  3. Log in with the new admin info.
  4. Delete the original admin user.

  • Application profiling

This means that certain people can navigate to your site or portal and straight away realise they are browsing a DNN site.

Then they can do certain things. They can guess that you were probably too lazy to change the admin username and that the admin password is probably dnnadmin. There are some ways to hide the obvious signs that your site is built on the DNN platform:

  1. Change the title bar
  2. Eliminate the source code comments
  3. Turn off the copyright message in the footer of the page

  • SQL injection

In a portal where SQL queries are used, a hacker can insert into or alter an existing database query. This is done by using quotes to break out of a SELECT statement.

For example, when someone logs in, this query is executed: “SELECT * FROM logintable WHERE username='admin' AND password='password'”

A hacker can inject a quote and comment characters to create a new SQL statement.

DNN uses stored procedures for all database access. This greatly reduces the possibility of hacking using SQL injection techniques.
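
The login query above, built by string concatenation and then with bound parameters, as an added example that is not part of the original post or of DNN's code. Python's built-in SQLite stands in for DNN's SQL Server database (an assumption), the bound-parameter query plays the role of a stored procedure's parameters, and the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory table named as in the post's query; the row is constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logintable (username TEXT, password TEXT)")
    # Plaintext password only to mirror the post's query; real systems store a salted hash.
    db.execute("INSERT INTO logintable VALUES ('admin', 'S3cret-constructed')")
    return db


def login_concatenated(db, username, password):
    """Vulnerable form: user input becomes part of the SQL text itself."""
    sql = ("SELECT * FROM logintable WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "SELECT * FROM logintable WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    """Return (concatenated result, parameterized result) for one login attempt."""
    db = make_db()
    try:
        weak = login_concatenated(db, username, password)
    except sqlite3.Error:
        # A stray quote breaks the statement; such errors in logs deserve review.
        weak = "error"
    return weak, login_parameterized(db, username, password)


if __name__ == "__main__":
    attempts = [
        ("admin", "S3cret-constructed"),  # correct credentials
        ("admin", "wrong"),               # wrong password
        ("admin'--", "x"),                # quote plus comment characters, as described above
        ("o'brien", "x"),                 # ordinary name containing an apostrophe
    ]
    for user, pw in attempts:
        print(repr(user), compare(user, pw))
```

A stored procedure gives this protection only when its parameters are used as values; a procedure that concatenates them into dynamic SQL and executes the resulting string is still injectable.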