[Skip to content]

Search our Site
Easysite Resource Centre
Configuring Additional Security

Configuring Additional Security

Easysite allows for additional configuration to further increase the level of security within any given installation regardless of the hosting infrastructure.

Encryption

Easysite provides configurable 256bit encryption for all web services via AES or TripleDES. The key is itself encrypted when saved and cannot be retrieved through the interface.

Encryption at this level is mandated for 3rd party authentication services such as Active Directory where the encrypted data is then encrypted again through the use of SSL. We further recommend that IP Address/Range restrictions are put in place between services and strongly advise against 3rd party authentication that relies solely on SSL.

Encryption - Security Settings

Cross Site Request Forgery (CSRF)

Easysite protects against Cross Site Request Forgery (CSRF) by using an Event Validation token. For example,

<input type="hidden" name="__EVENTVALIDATION" id="EVENTVALIDATION" value="/wEWBQLQ25edCQLYr4DOCgLBtuuNCQLbquu/CQKordysAnYkyZA2rfVRhMUFZ0F4asyZrqrOB2wJ5pYsCHmH03Nv" />

Auto-completion and caching

Easysite can block user agents from caching keyed data such as usernames, passwords and email addresses.

Article comments