Configuring Additional Security
Easysite allows for additional configuration to further increase the level of security within any given installation regardless of the hosting infrastructure.
Encryption
Easysite provides configurable 256-bit encryption for all web services via AES or TripleDES. The key is itself encrypted when saved and cannot be retrieved through the interface.
Encryption at this level is mandated for third-party authentication services such as Active Directory, where the encrypted data is then encrypted again through the use of SSL. We further recommend that IP address/range restrictions are put in place between services, and we strongly advise against third-party authentication that relies solely on SSL.
Cross Site Request Forgery (CSRF)
Easysite protects against Cross Site Request Forgery (CSRF) by using an Event Validation token. For example:
<input type="hidden" name="__EVENTVALIDATION" id="EVENTVALIDATION" value="/wEWBQLQ25edCQLYr4DOCgLBtuuNCQLbquu/CQKordysAnYkyZA2rfVRhMUFZ0F4asyZrqrOB2wJ5pYsCHmH03Nv" />
Auto-completion and caching
Easysite can block user agents from caching keyed data such as usernames, passwords and email addresses.
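One way to check from the outside that this setting has taken effect, as an added example that is not Easysite code. It assumes the block appears as autocomplete="off" on the form or field plus a Cache-Control: no-store response header (the page does not say which mechanism Easysite uses); the field-name hints and the sample responses are constructed.

```python
from html.parser import HTMLParser

# Assumption: a field counts as sensitive by its type or by these name/id hints.
SENSITIVE_TYPES = {"password", "email"}
SENSITIVE_HINTS = ("user", "login", "pass", "email")

class FormAudit(HTMLParser):
    """Collects sensitive inputs that the browser may still remember."""
    def __init__(self):
        super().__init__()
        self.form_off = False  # True while inside <form autocomplete="off">
        self.exposed = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input" and a.get("type") != "hidden":
            label = a.get("name") or a.get("id") or "?"
            sensitive = a.get("type") in SENSITIVE_TYPES or any(
                h in label for h in SENSITIVE_HINTS)
            # A field-level attribute overrides the one set on the form.
            off = a["autocomplete"] == "off" if "autocomplete" in a else self.form_off
            if sensitive and not off:
                self.exposed.append(label)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit_response(headers, html):
    """Return findings for one response; an empty list means nothing flagged."""
    cache = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    findings = []
    if "no-store" not in {d.strip().lower() for d in cache.split(",")}:
        findings.append("missing Cache-Control: no-store")
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return findings + [f"autocomplete allowed on '{n}'" for n in parser.exposed]

# Constructed sample responses (not captured from a real Easysite site).
WEAK = ({"Cache-Control": "private"},
        '<form><input type="hidden" name="__EVENTVALIDATION" value="x" />'
        '<input type="text" name="UserName" /><input type="password" name="Password" /></form>')
HARDENED = ({"Cache-Control": "no-cache, no-store"},
            '<form autocomplete="off"><input type="text" name="UserName" />'
            '<input type="password" name="Password" /><input type="email" name="Email" autocomplete="off" /></form>')
```

Many current browsers still offer to save login credentials even when autocomplete is off, so treat the header check and the field check as separate controls.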