Kentico offers some great tools to import and export your site from one server to another. But have you ever had a need to ensure this didn't happen? Come take a look at why you'd want to do this and more importantly how.
For most people, ensuring their website is secure is a must. What most people don't think about is what happens when the website is attacked. The attack could come from an external source or from an internal one, such as an unknowing or rogue administrator. What I'm going to focus on here is how you can protect your site's content and objects from being exported from Kentico.
Let me set the scene: you have a single instance of Kentico on your server with multiple websites on it. Since you're the best Kentico Administrator around, you know you have your permissions and security set properly for each of the individual sites' administrators. Well, remember when you took that awesome week vacation to Jamaica with your wife? Well, someone had to set up the two new administrators while you were off frolicking around, and now all 68 of your other websites are exported, deleted from the Kentico instance and being held for ransom.
Using the Import/Export functionality Kentico offers is essential when I don't have access to the physical file system of a website. If this is not available to me, I'm unable to import templates, web parts, or other objects. Also, when your site is set up correctly, you can export your site and all its objects very easily and import them into another instance in a matter of minutes. These features are by design, but could backfire on you if you don't watch out.
Everything you're going to do next requires access to either the physical server's file system or FTP access to set permissions on the file system. Now let's restrict access to the import and export functionality WITHOUT affecting the rest of the Kentico instance. Are you ready for it?
On the server
Simply restrict the read/write access of the user running the AppPool on the /CMSSiteUtils directory, or on the individual import and export directories.
And that's it folks!
No rocket science, no crazy tricks, just simple permissions to a directory.
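One way to apply that restriction on a Windows/IIS server, shown as an added example that is not part of the original post. The site path and application pool name are placeholders, and the script assumes the pool runs under its built-in `IIS AppPool\<name>` identity; substitute the real account if the pool uses a custom one.

```powershell
# Added example. $SiteRoot and $Identity are assumed placeholder values:
# replace them with your Kentico web root and the account running the AppPool.
$SiteRoot = 'C:\inetpub\wwwroot\Kentico\CMS'
$Identity = 'IIS AppPool\KenticoAppPool'
$Target   = Join-Path $SiteRoot 'CMSSiteUtils'

if (-not (Test-Path -LiteralPath $Target -PathType Container)) {
    throw "Directory not found: $Target"
}

# Keep a copy of the current security descriptor so the change can be reviewed
# or rolled back later.
$backup = Join-Path $env:TEMP ("CMSSiteUtils-acl-{0:yyyyMMddHHmmss}.sddl" -f (Get-Date))
(Get-Acl -LiteralPath $Target).Sddl | Set-Content -LiteralPath $backup
Write-Host "Saved existing ACL (SDDL) to $backup"

# Explicit Deny for read and write, inherited by all subfolders and files.
# A Deny entry takes precedence over Allow entries the account gets elsewhere,
# so the rest of the site keeps its normal permissions.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Identity,
    'Read, Write',
    'ContainerInherit, ObjectInherit',
    'None',
    'Deny')

$acl = Get-Acl -LiteralPath $Target
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Target -AclObject $acl

# Verify: list the Deny entries now present for the AppPool account.
$deny = (Get-Acl -LiteralPath $Target).Access | Where-Object {
    $_.IdentityReference.Value -eq $Identity -and
    $_.AccessControlType -eq 'Deny'
}
if (-not $deny) {
    throw "Deny rule for $Identity was not applied to $Target"
}
$deny | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Run it from an elevated PowerShell session. When a legitimate import or export is needed, remove the entry with `$acl.RemoveAccessRule($rule)` followed by `Set-Acl`, do the work, then re-apply it.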
Best of luck and Happy Coding!