Security
This article explains how to ensure information about the RadSpell configuration is secure and non-readable. Its transmission between the client and the server must be encrypted and impossible to decode, so the data cannot be used by a malicious entity in an attack against the server.
Configuration information includes various dialog settings.
There is one appSettings key you should add to your web.config to ensure information security with the spell dialog:
- set a custom Telerik.Web.UI.DialogParametersEncryptionKey.
If you do not set custom keys, default (hardcoded) values are used to encrypt/decrypt the information.
As of R2 2017 SP1, hardcoded keys are not used anymore. Instead, standard .NET methods are used for encryption. Nevertheless, you should still set your own unique custom keys. You can use the IIS MachineKey Validation Key generator to get them (make sure to avoid the ,IsolateApps portion).
DialogParametersEncryptionKey
To provide secure encryption, we strongly advise that you set a custom encryption key for Telerik.Web.UI.DialogParametersEncryptionKey:
<appSettings>
    <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="YOUR-THIRD-UNIQUE-STRONG-RANDOM-VALUE-UNIQUE-TO-YOUR-APP" />
</appSettings>
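
A check that could run in a build pipeline to catch a web.config where the key is missing, is still the documentation placeholder, or carries the ,IsolateApps suffix, together with a generator for a fresh key. This is an added example, not Telerik code; the function names, the 64-character minimum and the sample config are assumptions made for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

KEY_NAME = "Telerik.Web.UI.DialogParametersEncryptionKey"
MIN_LENGTH = 64  # assumption: threshold chosen for this example, not a Telerik requirement
PLACEHOLDER_MARKERS = ("YOUR-", "UNIQUE-STRONG-RANDOM")  # text from the documentation sample


def generate_key(num_bytes=64):
    """Return a random hex key from the OS CSPRNG (64 bytes -> 128 hex chars)."""
    return secrets.token_hex(num_bytes).upper()


def audit_web_config(xml_text):
    """Return a list of findings about the dialog encryption key (empty = OK)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"web.config is not well-formed XML: {exc}"]
    # appSettings keys are matched case-insensitively here.
    values = [
        add.get("value", "")
        for add in root.findall("./appSettings/add")
        if (add.get("key") or "").lower() == KEY_NAME.lower()
    ]
    if not values:
        return [f"{KEY_NAME} is not set"]
    findings = []
    for value in values:
        if any(marker in value.upper() for marker in PLACEHOLDER_MARKERS):
            findings.append("value is the documentation placeholder")
        if ",isolateapps" in value.lower():
            findings.append("value contains the ,IsolateApps suffix")
        if len(value) < MIN_LENGTH:
            findings.append(f"value is shorter than {MIN_LENGTH} characters")
    return findings


# Constructed sample input: a web.config that still carries the placeholder.
SAMPLE = """<configuration>
  <appSettings>
    <add key="Telerik.Web.UI.DialogParametersEncryptionKey"
         value="YOUR-THIRD-UNIQUE-STRONG-RANDOM-VALUE-UNIQUE-TO-YOUR-APP" />
  </appSettings>
</configuration>"""

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE):
        print("FINDING:", finding)
    print("Fresh key:", generate_key())
```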