Jason Sherrill

My feedback

  1. 8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Kentico Product Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    Jason Sherrill supported this idea  · 
  2. 46 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Kentico Product Ideas » Platform  ·  Flag idea as inappropriate…  ·  Admin →
    Jason Sherrill commented  · 

    Michal,

    The current built-in functionality that you referenced in the documentation applies to the entire site rather than just the /admin folder, correct? If that is correct, then this functionality does not address the original requester's use case, which is to limit access to the administration area to just specific IP addresses. In this use case, the user still wants the world to be able to reach the public facing areas of the website, but there reduce the attack surface area of the site by limiting access to the /admin folder to only requests that originate from allowed IP addresses. This can be done currently via IIS, but I believe the suggestion is to allow management of this from within the CMS itself.

    Jason Sherrill supported this idea  · 
    Jason Sherrill commented  · 

    I presume that what you mean is to manage IP-based restrictions through the CMS instead of through web.config for controlling which clients can reach the /admin section?

    Based on that assumption, this would definitely be a nice additional feature since it would eliminate the need for us to manage this security layer through web.config files and would also better support multi-site installations of Kentico.

  3. 212 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jason Sherrill supported this idea  · 
  4. 188 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    19 comments  ·  Kentico Product Ideas » Platform  ·  Flag idea as inappropriate…  ·  Admin →
    Jason Sherrill commented  · 

    Dominik,

    We went the route of building our module to handle encryption of BIzForm fields so it's not as critical now, but it would still be a valuable addition to Kentico as a core feature given the security climate.

    Jason Sherrill commented  · 

    I'm curious where this stands and if there are any plans to implement this?

    Jason Sherrill commented  · 

    Dominik,

    When build the forms outside of Kentico using a separate .NET encryption component that provides AES encryption.

    In Kentico v6, we had used a beta component that Kentico was working on and had good results with it. We have updated the Kentico component for use in v8.1, but given that it's beta, we are limited in the projects where we can use it.

    Whole db encryption is an option with some projects, but not as versatile given that we don't always have control over the SQL environment on projects. It would be a far better option for us and our clients to have the beta component go RTM in the Kentico product.

    Thanks!

    Jason Sherrill commented  · 

    With data encryption not only a growing wish among customers, but in more & more industries a mandated compliance requirement, the lack of a data encryption component for forms that collect customer data is becoming a sales hurdle this year for customers considering Kentico.

    Jason Sherrill supported this idea  · 
  5. 103 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Kentico Product Ideas » Platform  ·  Flag idea as inappropriate…  ·  Admin →
    Jason Sherrill commented  · 

    Agree that this is a sorely lacking feature of the staging module right now. In every situation that we've used staging, the necessity to manually handle JS library file syncing between staging and prod results in extra support requests & subsequent troubleshooting because content admins forget that these changes aren't included in the normal sync process. The Kentico staging module is pretty good, but this missing component is standing in the way of it being awesome.

    Jason Sherrill supported this idea  · 

Feedback and Knowledge Base