Vulnerability in EPiServer.Forms
We are about to push our first EpiServer 7 site live today, (first Episerver site for a while). We are converting the existing staging site to become the live site by adding the live URL to IIS, and I just need confirmation on what config settings to change. I know this is not the best approach, but it's only a short term solution, until we setup the 2 server, staging live environment.
Obviously I should be changing things inside Episerver.config. Is it safe to changing siteId (as it currently refers to mysite.staging), if I am keeping the same database? I am guessing I can just change siteURL to the live URL, and just add the existing staging URL (for now, until DNS update) to EpiserverFramework.config siteHostMapping section?
Finally, am I right in thinking that the description and siteDisplayName fields in episerver.config are just labels and can be safely changed?
Cheers in advanced,
Well, that depends on what really changes between staging and live env. I would recommend to backup/restore staging database and make it separate for live env already at the very beginning. This means that connectionString.config (or element in web.config) file should be different for live env.
Ususally we use .config file transformations to be applied to default config files while app is packaged.
Some of the fragments may give you some inspiration of things to look/check for. This is for live env.
<siteSettings siteDisplayName="SiteDisplayName" siteUrl="http://www.project.com/" xdt:Transform="SetAttributes" xdt:Locator="Match(siteDisplayName)" />
<add name="*" language="en" />
<add name="www.project.com" language="en" />
<add key="/LM/W3SVC/3/ROOT:PROJECT-01" siteId="SiteId" />
<appData basePath="D:\www.project.com\Filesystem" xdt:Transform="SetAttributes" />
Element siteHostMapping could be actually left empty (it will be re-generated by EPiServer on first launch anyway - just make sure file is read/write). Then new section could be written back to config transformation file for next deployments.
Also - if would suggest to saparate VPP folders just in case (element appData element should be changed for this).
Most probably there are also things to check/change in web.config, EPiServerLog.config and any other config files.
Yes, that is eventually how it will be done, but due to time constraints, I've not been able to setup this environment in time for our go live today. It's how I want to do it, but it's not possible.
Which is why I am just making the staging site live (and then we don't have a staging site), hence the question about what bits I change in the existing staging config file, to make it live... It will use the existing VPP folders for now.
Then changing site urls should be fine. And of course you can double check licenses as well.