Security on Arvixe Hosted Platform

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
11/17/2010 12:43:17 PM
Gravatar
Total Posts 7

Security on Arvixe Hosted Platform

Hi:

I have been able to successfully install mojoPortal manually on Arvixe, and everything seems to be working just great.  I am a big fan of both Arvixe and mojoPortal.  I am running version 3.2.5.5. When I run the Security Advisor, I am advised to generate a new machine key and remove the write permissions to all the folders except the /App_Data and /Data folders.

If I generate a new machine key, does that create a static key that will be valid on any machine my Web site gets moved to (as long as I keep the same web.config file), or would moving to a new machine require a newly generated key and potentially lock out all my accounts?

Also, the only tools I have on Arvixe to set file permissions is the Arvixe file manager.  I am not sure if this will allow me to provide the necessary permissions for the application pool user.  Do you have any information on this?  Thanks!

-- John Graminski

11/17/2010 12:59:56 PM
Gravatar
Total Posts 1204
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: Security on Arvixe Hosted Platform

Yes, your new machine key will be embedded in your web.config. As you upgrade mojoPortal, you will need to remember to replace the default value in web.config with your custom key each time, and if you were to move to another server, you can carry that value with you as well. As long as the key in web.config is the same one that was used to encrypt the data in your database, everything will work properly.

Someone from Arvixe should be able to help you with the file permissions question.

Jamie

11/17/2010 1:22:45 PM
Gravatar
Total Posts 7

Re: Security on Arvixe Hosted Platform

Hi:

Thanks for the quick reply.  I changed the machine and decryption keys to the ones generated in the Security Advisor.

I was experimenting with some file permissions on Arvixe and I answered my own question regarding the file permissions.  Apparently (just a guess...), Arvixe uses the Web site name as the application pool user name.  This user is given Read/Write permissions to the /wwwroot folder (which is created when the Web site is created).

Using the Arvixe Control Panel File Manager, I changed this user's permissions to Read Only for the /wwwroot and all its contents except the /wwwroot/App_Data and /wwwroot/Data folders, which I set to Read/Write again.  Now the Security Advisor shows all green.

Thanks again for your help!

-- John Graminski

You must sign in to post in the forums. This thread is closed to new posts.