DotNetNuke Social Networking Module

Although preferring Active Social for a client,I am going to test Vivo Social, an open source DotNetNuke Social Networking Module. I'm planning to localize the interface and create templates for Turkish Community. It will be a long journey and i suppose, I will need to use Support Tracker for Vivo Social many times to report any bugs and issues.
I hope everything goes well.

Telerik RAD Editor Bug affects DNN User Profile

While working with DotNetNuke 5.1.1 release i just noticed a new bug. Maybe it has already been reported by other folks, however this is an issue that affects the usability of profile settings.
A user tries to login and wants to update his/her profile, and when he/she comes to Bio field, interestingly Rad Editor width is long, and approches an endless point.
Although editor supports resizing via right bottom widget, it was not possible to do it via Internet Explorer 8.
I reported this error at DotNetNuke Support Tracker, hopefully it will be corrected at future releases.

Vivo Social Template Problems

While working with Vivo Social templates, i noticed that those are also affected by famous Turkish Character Problem of Web Developers. Sadly, tokens that include Caption word, simply refuses to render without replacing Caption to CaptIon. I also noticed that some other tokens are rendered incorrectly as well, of course they had i-I problem too. So unless you are using a multi-locale social network, it is safe to do manual replacements. However, updates of Vivo Social can overwrite these templates. I would recommend taking a backup before applying manual replacements and before updating your social networking website. You may also want to submit the issues to Vivo Social Bug Tracker.

Microsoft Finally Released a Patch for ASP.NET Oracle Padding

While reading daily newsletters from Microsoft, i noticed that Microsoft finally released a patch that fixes critical security vulnerability in ASP.NET.



I have posted an article about Oracle Padding attack previously. Now, it is time to officially patch our servers. Although, it is expected to be released within Windows Update, you can download the update from Microsoft.



You can download the ASP.NET Oracle Padding Update from Microsoft. To check which versions you need, you can visit Scott's blog. He explains it pretty well.

ASP.NET Oracle Padding Critical Vulnerability in Core Code

A very critical serious vulnerability in asp.net was publically disclosed last Friday at a security conference held in Argentina. I recommend that all webmasters and server managers immediately apply a workaround (described below) to prevent possible attacks using this vulnerability against your DotNetNuke (and any other ASP.NET based) web & internal applications.
I initially became aware that of the potential existence of this issue on yesterday and after reading the posts that describe the issue and workaround rushed back to patching my servers.
Attackers successfully used it against a DotNetNuke install and intended to demonstrate that during a conference on Friday 17th September. They also confirmed that original reports that changing the encryption scheme in the web.config of asp.net websites were incorrect and did not stop their exploit.
The DotNetNuke security team immediately began to read all the available material on this and similar oracle padding attacks and considered potential mitigations we could create. In addition we reached out to our contacts in the asp.net team and the Microsoft Vulnerability Research (MSVR) team to let them know the additional information we had and to ensure that we would hear about any further details or workarounds they determined.
Immediately after the first public demonstration of the bug (and a related video demonstration), Microsoft determined a workaround that will protect asp.net sites (including DotNetNuke sites), whilst they work on a more permanent solution - likely a server patch to resolve this at the machine/framework level.

Update: The best solution for padding attack is to upgrade your DotNetNuke to latest version. (DNN 5.6.1 at the time of updating this blog post)

How to fix DNN Padding Attack

Earlier today, DotNetNuke 5.5.1 release published at Codeplex. DotNetNuke 5.5.1 release provides automated configuration for Oracle padding attack for ASP.NET based websites. But of course, it only will protect your DNN website.
Assuming this, you are strongly recommended to upgrade your websites to latest release of DotNetNuke to fight against security vulnerabilities.

However, they also thought users who can't upgrade their websites because of legacy modules or other components. In this case, you have to wait a few days for a module release which promises to protect your websites against ASP.NET Padding attack.

I also posted an article about DotNetNuke 5.5.1 release at DotNetNuke Turkish Community blogs. I will probably publish language packs at a later time as i am quite busy with client's projects right now.

To learn more about new features of DNN 5.5.1 you can check out Release Logs.

DotNetNuke Connections Conference

DotNetNuke Connections conference will be held in Las Vegas Nevada, at November's first week. It will be an exciting event so, make your registrations quickly if you are interested in DotNetNuke Module Development and meeting new people.

Some of the conference topics:

• DotNetNuke for Mobile Applications
• Secure Module Development
• Super Stylesheets
• DotNetNuke 5 Administration: Tips and Tricks
• Deploying DotNetNuke Websites As a Complete Solution

There is also a workshop available for DNN Module Development. Go to conference home page below:
>>

Active Social Enterprise Not Listed at Snowcovered

Today, i decided to purchase Active Social Enterprise Edition for one of my clients. He wants to run a website for a region and he also wants to support social networking with DotNetNuke Community Edition.

Good news is, there is a social networking module for DotNetNuke developed by Active Modules. The module sounds promising, so i convinced my client to make a purchase. Earlier, we were thinking about Active Social Standard Edition. However, comparing the price within Enterprise Edition, we decided to pay 100$ extra and get the Enterprise Edition.

Interestingly, Active Social Enterprise Edition is not listed under Snowcovered. Snowcovered is one of the two biggest DotNetNuke Marketplace portals. Express and Standard edition are available on Snowcovered. But Will, told me that we can only purchase Active Social Enterprise Edition from Active Modules website.

Anyway, although i had my reasons to make the purchase from Snowcovered (dotnetnuke marketplace), Will also had his own reasons.

I send him another email, he said, if they place Active Social Enterprise Edition on Snowcovered, then they have to raise the price a bit. Because of Snowcovered Commission.