Hi:

I have been able to successfully install mojoPortal manually on Arvixe, and everything seems to be working just great.  I am a big fan of both Arvixe and mojoPortal.  I am running version 3.2.5.5. When I run the Security Advisor, I am advised to generate a new machine key and remove the write permissions to all the folders except the /App_Data and /Data folders.

If I generate a new machine key, does that create a static key that will be valid on any machine my Web site gets moved to (as long as I keep the same web.config file), or would moving to a new machine require a newly generated key and potentially lock out all my accounts?

Also, the only tools I have on Arvixe to set file permissions is the Arvixe file manager.  I am not sure if this will allow me to provide the necessary permissions for the application pool user.  Do you have any information on this?  Thanks!

-- John Graminski

Hi:

Thanks for the quick reply.  I changed the machine and decryption keys to the ones generated in the Security Advisor.

I was experimenting with some file permissions on Arvixe and I answered my own question regarding the file permissions.  Apparently (just a guess...), Arvixe uses the Web site name as the application pool user name.  This user is given Read/Write permissions to the /wwwroot folder (which is created when the Web site is created).

Using the Arvixe Control Panel File Manager, I changed this user's permissions to Read Only for the /wwwroot and all its contents except the /wwwroot/App_Data and /wwwroot/Data folders, which I set to Read/Write again.  Now the Security Advisor shows all green.

Thanks again for your help!

-- John Graminski