MC's BLOG

Developers often forget to check-up on some of the simple things when delivering a solution – especially if no review is in place. I myself try to have a checklist with certain things that should be double checked before a solution is handed over to the customer.

Here are some of the small/big things that I find we or other developers have forgotten about when delivering a Sitecore solution.

Admin Folder
The admin folder under the Sitecore folder often holds some scripts, which could make s solution vulnerable like reading the web.config file, dbbrowser (which offcourse is password protected, but still). When reading this you should ask yourself if you remembered to delete the folder, disallow anonymous access or protect it in some other way.

Sitecore 5.3 Audrey user
This one is my favourite! The audrey user in Sitecore 5.3 solutions. I can’t remember how many solutions I have had to delete or disable this user, because someone else forgot to. And thus leaving the solution wide open, because audrey has a blank password.
And I could mention about 5-10 sitecore solutions that I have stumbled upon online with either the audrey, webmaster or developer user enabled. It is unfortunate that so many developers forget about these “shadow” user accounts.

Sitecore 5.2 Webmaster and Developer user
My second favourite! Probably because there aren’t so many 5.2 versions out there any more, but I have taken over a bunch (well, maybe 3-4) of 5.2-solutions, which had the webmaster and developer user enabled. Although the solution had been runing for 1-2 years!

Although these user accounts may give limited access, the “hacker” would still be able to see everything in your Sitecore client. And if you have modules like the mailinglist installed, well then you are exposing the email-address of all your subscribers, right?

I expect that a majority of the Sitecore installations out there are upgraded to version 5.3 or 6.0, but a select few are still running version 4.3.1. I’am “fortunate” to work with a few solutions running this version, during which I have encountered a lack of references. Offcourse http://sdn4.sitecore.net is still online, but solutions for questions and issues that you would normally send to Sitecore support is hard to come by.

So my contribution this way around is some small tips and tricks that I have found usefull or as the common cause for problems in and around Sitecore v.4.3.1.

SQLDatabaseOwner:
<setting name=”SQLDatabaseOwner” value=”[dbo]” />
When moving a solution from one host to another, this little setting might cause some serious pain if the DB owner changes. I have recently encountered this issue because the host that the customer was moving from used the username/login as the dbowener, whereas the new host simply used dbo. The database was backed-up by the old host and restored by the new host and everything seemed fine untill we tried to login or enter the sites of the solution.
It took me a day to figure out that there was a SQLDatabaseOwner-setting in the web.config and that the dbowner was now different from the one on the old host … doh!

Not able to create folders in the media library?
I can’t remember how often I have talked with a customer who have had problems creating folders in the media library, either directly in Sitecore or through extranet. In 95-99% of the cases it helps adding the current site to IE’s list of trusted sites – and allow the site to open pop-ups.
Would be nice to have some kind of macro that the clients could run on their computer to help setup the necessary settings in IE. Especially if they run/edit multiple sites.

Strange Google Toolbar issue
While talking to a client about why the content editor wasn’t working correctly, I discovered that disabling the google toolbar that the client had installed help enable the functions of the content editor. More specifically editing tables and using the left menu of the content editor was a problem. There most be some kind of javascript issue between the sitecore content editor and the installed toolbar. I haven’t done any further testing on this issue, because I like to keep my development machine as clean as possible. But everytime I encounter a support issues involving strange behaviour in the content editor I tell the client to turn off any toolbars that they might have installed.

Maybe this will work for you too.