• Finding The Security Update Log File
    DescriptionThis article explains how to find the log file for the security patch installer. ResolutionLog into the webserver and navigate to the drive where the site is installed on. Go to this directory.  C:/Program Files (x86)/Ektron/SecurityUpdate/Look for the Results.html file and op...

  • Heartbleed Vulnerability
    DescriptionEktron is taking the Heartbleed vulnerability very seriously and want to keep you all informed of how this impacts you. Below is a description of what the vulnerability is, what it can effect, and how to mitigate intrusions due to this vulnerability. Ektron sites use IIS and so are ...

  • How To Add HttpOnly Flag To The ECM Cookie
    DescriptionThis article describes the Ektron configuration option for setting the HttpOnly flag for the ECM Cookie.ResolutionIn the web.config you will find the following key <!-- This is for setting the HttpOnly attribute for the ECM cookie --><add key="ek_HttpOnly" value=&qu...

  • How to configure a self-signed SSL certificate with Ektron
    DescriptionThis article shows you how to configure a self-signed certificate to test the Workarea in SSL or troubleshoot an SSL issue. A self-signed certificate can help you find a feature that works in HTTP, but not HTTPS. ResolutionThe following linked article outlines the steps to create...

  • How to encrypt the ecm cookie
    DescriptionThis article explains how to encrypt the ecm cookie. ResolutionTo encrypt the ecm cookie 1)  Edit web.config.Changeto 2) Recycle the application pool for the website.

  • HTTPONLY flag not set in Internet Explorer
    Description After having set ek_HttpOnly to true in the web.config you may not see the HTTPONLY flag in Internet Explorer's F12 Developer Tools. Resolution This is an issue with how older versions of IE display if a cookie is set to HTTPOnly and other methods should be used to ver...

  • Prevent aspx files from being executed
    DescriptionHere are some steps you can take to make your environment more secure.[Update 08/01/2013: We've created a utility that automatically runs through the steps below. You can find the utility here: EkSiteLockDown.exe -- download this file and run it on the server you'd like to secure]Many...

  • Restrict access to a file or folder
    DescriptionHow to restrict access to a file or a folder based on incoming IP addresses ResolutionSecuring a FolderOpen IIS Manager (Start > Run > Open INETMGR and hit enter)Navigate to web siteSelect the folder, which needs restrictionIn features view double click on “IPv4 Address and...

  • SSL versus TLS – What’s the difference?
    DescriptionIf you are trying to use a secure email connection to GMAIL servers, use port 587.  Port 587 is considered a TLS port and is as or more secure than the general SSL ports of 465. ResolutionSSL versus TLSTLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols th...