Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
News › Security Policy Register  |  

AppTheory specializes in solutions based on the DotNetNuke platform and has 2 employees on the DotNetNuke Core Team.
  Issues  
 


  Report Issue  




Enter the code shown above in the box below
Send

 
 


Security Bulletins Policy

DotNetNuke takes the issue of security very seriously, and makes every possible effort to ensure speedy analysis of reported issues, and where required, provides workarounds and updated application releases to fix them.

We request that all suspected issues/security scan results get emailed to our security alias displayed below or entered through the online form displayed to the right :

security@dotnetnuke.com

Any information submitted to this alias is kept confidential and is only viewed by members of the DotNetNuke Security Task Force, and will not be discussed outside this group without permission from the person/company who submitted the information. Confirmed issues will be assigned a level to indicate their relative severity and potential impact. This information will be made available via the security blog, forum posts, and where judged necessary, an email bulletin.

Bulletin Levels

Critical

A bulletin rated critical is one where an exploit can be exploited by a remote attacker to gain access to DotNetNuke data or functionality. A critical vulnerability will have a recommended workaround or fix that should be applied as soon as possible.

Moderate

A moderate bulletin is one where a portal can be compromised, but requires some dependant actions e.g. a particular module or a user within a particular role is required, which is then used to gain access to data or functionality. Issues at this level will often have recommended actions to remove the issue.

Low

All other issues are rated as low. These will contain flaws that are very difficult to exploit, or where an exploit has a limited impact.

Disclosure Policy

When a bulletin is posted, we will provide details to inform users of the versions impacted, and unless it will give too much information to potential hackers, the attack vector and potential impacts.

DotNetNuke Core Security Blog

This blog is used to detail any security related posts. This will include both posts on general security matters, as well as information on new issues, releases and documentation.

Security Blog

It is a recommended resource to keep up to date on DotNetNuke security information.

 

 
 


Security Documentation
 TitleOwnerCategoryModified DateSize 
Secure Module DevelopmentShaun Walker 7/21/2006267.98 KBDownload
Hardening DotNetNuke InstallationsShaun Walker 7/21/2006268.02 KBDownload
 


Aricie
Aricie is one of the French pioneers and experts in DotNetNuke technology.
www.aricie.com 		AFUEGO!
Looking for Free DNN Hosting?
www.AFUEGO.com 		Code 5 Systems, LLC.
The DNN Missing Link: A Form Module. Form Master 1.6 is an intuitive Form Creation Module at a great price. Quality Custom Module development, and DNN consulting services.
www.code5systems.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP