This post has been migrated from www.experimentsincode.com, we apologise if some of the images or content is missing

This post has been migrated original date 17 Dec 2008 Following on from the blog I posted last month about Sitecore's RESTful Security Risk Sitecore have realeased the following information as part of their December newsletter:
Installation Guide Update for Sitecore CMS 5.3.x and 6.0 (Security Hardening) We have discovered a missing security setting description in the Installation Guide for Sitecore 5.3.x and 6.0 regarding the ‘rest.aspx’ file. These pages have been updated: Page 17 In the Authentication Methods dialog box, ensure that the Anonymous access check box is not checked. Repeat this procedure for the following folders and files: /sitecore/admin /sitecore/debug /sitecore/rest.aspx. Page 28 Disable anonymous access to /sitecore/rest.aspx file Make sure you have disabled anonymous access to the /sitecore/rest.aspx file. For details, see Section 3.5, Configuring the IIS. Page 46 Make sure you have disabled anonymous access to the /sitecore/rest.aspx file. For details, see Section 3.5, Configuring the IIS.
I am a little annoyed that they calmed they had missed the security description but on the plus side hopefully more Sitecore sites will become secure and that they have finally notified users; even if it was 2 months after I informed them of the original problem.
comments powered by Disqus