I realise this may have been asked before but have not come across in a quick forum search.
We are developing a site that we and the client expect to generate a lot of healthy... as well as a lot of unhealthy interest. There may be regular attempts to breach security and replace content with inapropriate material. Due to high profile of the site, we want to prevent this from happening as much as possible, and are willing to go to great lengths to avoid such a thing.
We know that on some high traffic sites tackling contentious topics they use what I called a 'remote mode', whereby a content management system is not exposed to the web directly but - after each edit - renders the HTML and pushes it to a folder that is then served with IIS (or other web server). Because there's no .Net execution involved, surface area is greatly reduced. Are you aware of an Umbraco package that does just that? Any potential problems (other than the... inability to execute code ex. for the search engine to work).
Another strategy seems to be Courier and the removal of /umbraco in the production site. It would be Courier pushing changes directly to the production database (as far as we understand the mechanism). Can you see any potential problems with this?
I understand that the questions above may seem rather basic, but what we're really asking is your experience with Umbraco security, ways to improve it, and potential pitfalls / caveats when it is used in a tight security environment. So will be most grateful if you could outline how you secure your sites, whether you've experienced any attacks (were they successful?), so that we can wholeheartedly recommend Umbraco to our clients as a solution that is both a dream to use as well as a dream to secure.
Anyone..? :-) What we'd like to be doing is functionallny similar to HTTrack and a module for... Drupal aptly called HTML Export. Were hoping something similar exists for our favourite CMS of choice, Umbraco!
Tightening security with 'remote' mode
I realise this may have been asked before but have not come across in a quick forum search.
We are developing a site that we and the client expect to generate a lot of healthy... as well as a lot of unhealthy interest. There may be regular attempts to breach security and replace content with inapropriate material. Due to high profile of the site, we want to prevent this from happening as much as possible, and are willing to go to great lengths to avoid such a thing.
We know that on some high traffic sites tackling contentious topics they use what I called a 'remote mode', whereby a content management system is not exposed to the web directly but - after each edit - renders the HTML and pushes it to a folder that is then served with IIS (or other web server). Because there's no .Net execution involved, surface area is greatly reduced. Are you aware of an Umbraco package that does just that? Any potential problems (other than the... inability to execute code ex. for the search engine to work).
Another strategy seems to be Courier and the removal of /umbraco in the production site. It would be Courier pushing changes directly to the production database (as far as we understand the mechanism). Can you see any potential problems with this?
I understand that the questions above may seem rather basic, but what we're really asking is your experience with Umbraco security, ways to improve it, and potential pitfalls / caveats when it is used in a tight security environment. So will be most grateful if you could outline how you secure your sites, whether you've experienced any attacks (were they successful?), so that we can wholeheartedly recommend Umbraco to our clients as a solution that is both a dream to use as well as a dream to secure.
PS: DoS should be prevented by our ISP.
Anyone..? :-) What we'd like to be doing is functionallny similar to HTTrack and a module for... Drupal aptly called HTML Export. Were hoping something similar exists for our favourite CMS of choice, Umbraco!
is working on a reply...