So, Sitecore uses MongoDB, a product that has an interesting approach to security. When you install it, by default, it doesn’t have any. By default:
- Mongo does not require authentication
- Communication is unencrypted
- In fact, if you can connect to it, you can bugger about with the data
This is, ahem, “suboptimal”. It is, however, possible to set it up. Options:
- Restrict IP address access at the firewall. Good practice, to be honest, and not covered here.
- Configure to use SSL
- Configure to use a username/password in connection strings
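To check the last two options from the client side, here is an added example (not code from the original post) that audits a ConnectionStrings.config for `mongodb://` entries lacking credentials or `ssl=true`. The sample file, host names, user name and passwords are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of a Sitecore ConnectionStrings.config;
# hosts, database names and credentials are placeholders, not real values.
SAMPLE_CONFIG = """<connectionStrings>
  <add name="core" connectionString="user id=sc;password=placeholder;Data Source=sql01;Database=Sitecore_Core" />
  <add name="analytics" connectionString="mongodb://mongo01:27017/sitecore_analytics" />
  <add name="tracking.live" connectionString="mongodb://sc_user:placeholder@mongo01:27017/sitecore_tracking_live" />
  <add name="tracking.history" connectionString="mongodb://sc_user:placeholder@mongo01:27017/sitecore_tracking_history?ssl=true" />
</connectionStrings>"""


def audit_mongo_connection_strings(config_xml):
    """Return {entry name: [findings]} for each mongodb:// entry with a weakness."""
    findings = {}
    for add in ET.fromstring(config_xml).iter("add"):
        value = add.get("connectionString", "")
        if not value.lower().startswith("mongodb://"):
            continue  # SQL Server and other entries are out of scope here
        url = urlsplit(value)
        # Option names are case-insensitive; keep the last value if repeated.
        options = {k.lower(): v[-1].lower() for k, v in parse_qs(url.query).items()}
        problems = []
        if not url.username or not url.password:
            problems.append("no username/password")
        if "true" not in (options.get("ssl"), options.get("tls")):
            problems.append("no ssl=true")
        if problems:
            findings[add.get("name")] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_mongo_connection_strings(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(problems)}")
```

A clean result only covers the client side; the MongoDB server itself still has to be configured to require authentication and SSL.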
So, I was trying to use Sitecore Serialisation, and I got the following error:
System.ArgumentException: Illegal characters in path.
at System.IO.Path.CheckInvalidPathChars(String path, Boolean checkAdditional)
at System.IO.Path.IsPathRooted(String path)
at Sitecore.Data.Serialization.PathUtils.MapItemPath(String itemPath, String root)
Joy. Sadly, this pad doesn’t give a clue what the problem item actually is. The log files don’t show an exception – but I can see the last item processed, and it looks funny:
So, if that’s the item throwing the exception then a) serialisation isn’t logging the exception, which sucks, and b) some items in this tree have newline or carriage return characters (\n or \r)
To try and find these, I ran SQL against the database…
SELECT * FROM [MASTER].[dbo].[Items]
where Name like '%' + CHAR(10) + '%'
or Name like '%' + CHAR(13) + '%'
This found a bunch of items with \r in their names. Lord knows how they were put there. I suspect copy and paste from some of the actual content.
Sitecore permissions are always a bit of a pain to figure out. You’ve got the question of inheritance of rights from parent nodes, and how role rights conflicts are resolved.
Well, these two links are particularly useful, I found:
There’s quite a lot of reading there, but it’s good content. The easiest way I’ve found for considering permissions is:
Unspecified (effectively no-access) is beaten by Inherited rules (variable) is beaten by Allowed (has access) which is beaten by Deny (No access).
In other words, an explicit Deny will block access to a user.
If there is a conflict between explicitly assigned roles, Deny wins.
If rights are assigned directly to a user (rather than a role) they win – though you shouldn’t be assigning rights directly to users. It’s unmanageable in the long term.
Kam Figy of Kam’s Idea Log has a helpful post on “EditContext Considered Harmful” which is well worth a read.
The short form – USING() is bad, as it always disposes, which commits some (but not necessarily all) updates. Item.Editing.BeginEdit() and Item.Editing.EndEdit() are preferred.
So, the fun and games of a new technology. I had to install Sitecore Azure (documentation); here are some of the issues I found…
I had a requirement on a recent project to download a .CSV from within Sitecore User Manager. Basically, it was to download all users within a particular domain. The ‘download’ bit proved tricky, though.
A quick note to myself – in Chrome you can check your HSTS headers for a site using:
This was a problem for me yesterday, and the UAT system I was configuring wasn’t visible to sites like https://securityheaders.io/ that I’d normally use.