Securing MongoDB (Brief Notes)

So, Sitecore uses MongoDB, a product that has an interesting approach to security. When you install it, by default, it doesn’t have any. By default:

  • Mongo does not require authentication
  • Communication is unencrypted
  • In fact, if you can connect to it, you can bugger about with the data

This is, ahem, “suboptimal”. It is, however, possible to set it up securely. Options:

  • Restrict IP address access at the firewall. Good practice, to be honest, and not covered here.
  • Configure to use SSL
  • Configure to use a username/password in connection strings


Sitecore Serialization – System.ArgumentException: Illegal characters in path

So, I was trying to use Sitecore Serialisation, and I got the following error:

System.ArgumentException: Illegal characters in path.
at System.IO.Path.CheckInvalidPathChars(String path, Boolean checkAdditional)
at System.IO.Path.IsPathRooted(String path)
at Sitecore.Data.Serialization.PathUtils.MapItemPath(String itemPath, String root)

[Screenshot: serialization page]

Joy. Sadly, this page doesn’t give a clue what the problem item actually is. The log files don’t show an exception – but I can see the last item processed, and it looks funny:

[Screenshot: log file]

So, if that’s the item throwing the exception, then a) serialisation isn’t logging the exception, which sucks, and b) some items in this tree have newline or carriage return characters (\n or \r).

To try and find these, I ran SQL against the database…

SELECT * FROM [MASTER].[dbo].[Items]
WHERE Name LIKE '%' + CHAR(10) + '%'
   OR Name LIKE '%' + CHAR(13) + '%'

This found a bunch of items with \r in their names. Lord knows how they were put there. I suspect copy and paste from some of the actual content.


Sitecore Permissions

Sitecore permissions are always a bit of a pain to figure out. You’ve got the question of inheritance of rights from parent nodes, and how role rights conflicts are resolved.

Well, these two links are particularly useful, I found:

There’s quite a lot of reading there, but it’s good content. The easiest way I’ve found for considering permissions is:

Unspecified (effectively no access) is beaten by Inherited rules (variable), which is beaten by Allowed (has access), which is beaten by Deny (no access).

In other words, an explicit Deny will block access to a user.

If there is a conflict between explicitly assigned roles, Deny wins.

If rights are assigned directly to a user (rather than a role) they win – though you shouldn’t be assigning rights directly to users. It’s unmanageable in the long term.

Simple, right?
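
A small model of the precedence rules summarised above, as an added example (it is not from the original post and does not use Sitecore's own API). The item tree, the account names and the assumption that an explicit rule on an item is checked before anything inherited from its parent are all illustrative.

```python
# Simplified model of the precedence described in this post; not Sitecore's API.
ALLOW, DENY = "allow", "deny"

class Item:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.rules = {}  # account name -> ALLOW or DENY set explicitly on this item

def explicit_decision(item, user, roles):
    """Return ALLOW/DENY if this item has an explicit rule for the account, else None."""
    # Rights assigned directly to the user win over anything set on a role.
    if user in item.rules:
        return item.rules[user]
    found = {item.rules[r] for r in roles if r in item.rules}
    if DENY in found:   # conflict between explicitly assigned roles: Deny wins
        return DENY
    if ALLOW in found:
        return ALLOW
    return None         # unspecified on this item

def can_access(item, user, roles):
    """Explicit rules beat inherited ones; unspecified everywhere means no access."""
    node = item
    while node is not None:
        decision = explicit_decision(node, user, roles)
        if decision is not None:
            return decision == ALLOW
        node = node.parent  # assumption: fall back to the parent's rules
    return False

# Constructed sample tree and accounts (hypothetical names).
content = Item("content")
home = Item("Home", parent=content)
news = Item("News", parent=home)
home.rules["Authors"] = ALLOW      # role allowed on Home
news.rules["Contractors"] = DENY   # role denied on News
news.rules["carol"] = ALLOW        # direct user right (works, but hard to manage)

if __name__ == "__main__":
    for user, roles in [("alice", ["Authors", "Contractors"]), ("bob", ["Authors"]),
                        ("carol", ["Contractors"]), ("dave", [])]:
        print(user, "-> News:", can_access(news, user, roles))
```
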
