BlogEngine.NET icon indicating copy to clipboard operation
BlogEngine.NET copied to clipboard
verified publisher icon BlogEngine

Remove default machineKey

Open bugch3ck opened this issue 4 years ago • 1 comments

Remove default machineKey as it is a serious security issue. The default behavior is to let the framework generate a new machineKey on each restart. This will work in most cases. In other edge cases, such as a non-sticky load balancer setup, a machineKey may be used (but not the default one).

bugch3ck avatar Dec 04 '21 00:12 bugch3ck

This is a good idea. Another option, as good and maybe even better, would be to uncomment the commented-out machineKey setting (Autogenerate,IsolateApps).

Davi-Gray avatar Aug 09 '23 20:08 Davi-Gray