My Cart (0)  |  My Orders  |  My Downloads  |  My Auction  |  My Account  |  Help


Login |Register        Search

User registration changes in dnn 7.0

                Print      Add To Favorite     Add To Watch List     Contact Author

Creator: host   12/3/2012 10:22:15 PM    Author: cathal connolly   Source: http://www.dotnetnuke.com/Resources/Blogs/EntryId/3542/Site-registration-changes-in-DotNetNuke-7-0.aspx   Views: 3038    0    0  
Tags:
dnn 7 User account

    DotNetNuke has always shipped with Public set as it's default portal (site) registration (you can read more about the registration options here).  This was a decision that was inherited from the IBuySpy portal codebase that early versions of DotNetNuke utilized, and whilst it has advantages in enabling users to sign up immediately after installation, there are some drawbacks. We analyzed the last 18 months of security issues and found that approximately 44% of them required the potential hacker to have a valid, authorized user account to start off with. As the install default was “Public” for registration, gaining a valid user was a trivial step.

As many sites ultimately aren't intended for public users (e.g. a personal site may have only one user or a business site may use active directory integration), the decision was made to change the site registration type to "Private" in 7.0.0 to add an additional layer of defense-in-depth. Now, when you perform an installation when you click registration you will see the note on the screen that informs the user of this:

 

registration_private

 

For a user to gain portal access now, the site administrator (or host) has to go to admin->user accounts and authorize that user.

Changing site registration

In some cases sites may prefer the “old” default. If your site wants this then you can change this prior to installation by amending the relevant template file in portals/_default e.g. if you plan to install with the blank template edit Blank Website.template and change the useregistration node e.g. for private it is set as follows:

<userregistration>1</userregistration>

You can change this value to one of the supported values e.g.

  • 0 – no registration
  • 1 – private registration
  • 2 – public registration (the “old” default)
  • 3 –verified registration

Note: only the English (en-US) templates ship with the product, other templates are downloaded on demand via the update service during installation, so you do not have the option to alter this value during installation. Instead you will have to change it via the UI after installation.

If you’ve already installed the site and want to change the setting, log in as an admin or host and go to admin->site settings, click on the user account settings tab and change it via the user registration radio button.

 

private_reg


Rating People: 6   Average Rating:     

     DnnModule.com is built to provide DNN quality modules and DNN skins, some of them are free, some not. We wish these stuffs (free or not ) can be useful to you.

     Besides that, we also provide a full range of professional services, ranging from web site build, seo, system management, administration, support, senior consultancy and security services. We act as if your development project or network was ours, with care and respect. We are not satisfied until it works the way you want it to, and we don't silently ignore found issues as somebody else's problem.