Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
16<br />
Technical <strong>Notes</strong><br />
Technical <strong>Notes</strong><br />
Securing Your <strong>Ektron</strong> CMS400<br />
The CMS400 product installs with default data that offers the most effective<br />
access to the many features available. Before use on a live site the product<br />
must be secured. The following checklist contains a list of steps to properly<br />
secure the <strong>Ektron</strong> CMS400.<br />
http://dev.ektron.com/kb_article.aspx?id=30982<br />
Security Threat Levels<br />
<strong>Ektron</strong> classifies all security threats in one of the following levels. This table<br />
may be referenced in defect fix descriptions.<br />
Theat<br />
Level<br />
S1<br />
S2<br />
S3<br />
Description<br />
Site and data may be compromised.<br />
An attacker may execute arbitrary statements on your system. This threat<br />
compromises your database's integrity and/or exposes sensitive<br />
information.<br />
Cross site attacks, cookie manipulation, and disclosure of sensitive<br />
information to unauthorized users.<br />
An attacker may execute statements on your system by dynamically<br />
executing statements on client side, thus making the user’s<br />
system/information vulnerable.<br />
Error/warning message that discloses sensitive information. This<br />
information can be used to launch further attacks.<br />
Version 8.02 SP2 <strong>Notes</strong> and Considerations<br />
KB Articles for Upgrading to 8.0.2 SP2<br />
8.02 SP2 Upgrade: Attribute selectors must be enclosed in quotes<br />
(http://dev.ektron.com/kb_article.aspx?id=36171)<br />
8.02 SP2 eIntranet Site File Changes (http://dev.ektron.com/kb_<br />
article.aspx?id=36172)<br />
<strong>Ektron</strong> <strong>Product</strong> <strong>Release</strong> <strong>Notes</strong><br />
All <strong>Release</strong>s