This idea is not going to be covered in the upcoming version of Kentico. We are going to gather more information about it.
Platform Product Owner
The current built-in functionality that you referenced in the documentation applies to the entire site rather than just the /admin folder, correct? If that is correct, then this functionality does not address the original requester's use case, which is to limit access to the administration area to just specific IP addresses. In this use case, the user still wants the world to be able to reach the public facing areas of the website, but there reduce the attack surface area of the site by limiting access to the /admin folder to only requests that originate from allowed IP addresses. This can be done currently via IIS, but I believe the suggestion is to allow management of this from within the CMS itself.
I presume that what you mean is to manage IP-based restrictions through the CMS instead of through web.config for controlling which clients can reach the /admin section?
Based on that assumption, this would definitely be a nice additional feature since it would eliminate the need for us to manage this security layer through web.config files and would also better support multi-site installations of Kentico.
212 votesShare your thoughts · 2 comments · Kentico Product Ideas » Content Management · Flag idea as inappropriate… · Admin →
Have you considered native encryption at the SQL Server?
We went the route of building our module to handle encryption of BIzForm fields so it's not as critical now, but it would still be a valuable addition to Kentico as a core feature given the security climate.
I'm curious where this stands and if there are any plans to implement this?
When build the forms outside of Kentico using a separate .NET encryption component that provides AES encryption.
In Kentico v6, we had used a beta component that Kentico was working on and had good results with it. We have updated the Kentico component for use in v8.1, but given that it's beta, we are limited in the projects where we can use it.
Whole db encryption is an option with some projects, but not as versatile given that we don't always have control over the SQL environment on projects. It would be a far better option for us and our clients to have the beta component go RTM in the Kentico product.
With data encryption not only a growing wish among customers, but in more & more industries a mandated compliance requirement, the lack of a data encryption component for forms that collect customer data is becoming a sales hurdle this year for customers considering Kentico.
please share your thoughts
Agree that this is a sorely lacking feature of the staging module right now. In every situation that we've used staging, the necessity to manually handle JS library file syncing between staging and prod results in extra support requests & subsequent troubleshooting because content admins forget that these changes aren't included in the normal sync process. The Kentico staging module is pretty good, but this missing component is standing in the way of it being awesome.