This module is a single-use per DotNetNuke installation utility module that will make a number of security enhancing modifications to your "out of the box" DotNetNuke installation. The following items are modified by the module in a
structured, safe manner.
- Machine Keys are Updated - To ensure any previous breach doesn't allow users to still create encrypted values.
- User Passwords are converted from Encrypted -> Hashed. This improves the security of the passwords by not allowing them to be retreived.
- Updates the web.config to disable "Password Retrieval" and sets up the system to send the user a random password in the situation where they have forgotten their password.
Using this process you can easily update your installation and all users within the installation following the simple two phase approach that we have completely documented.
At the moment this module only works with DNN 4.7.0 - 5.x installations. An enhanced version is in development for work on 6.x installations.
We would like to extend a thank you to Shaun Walker and DotNetNuke Corporation for a bit of assistance with the process to complete the reset process.