Web.config changes in Sitecore CMS 6.4.1 rev. 110621 compared to Sitecore CMS 6.4.1 rev. 110324
Print
Select the link below to download the Web.config file of the default Sitecore CMS 6.4.1 rev. 110621 installation:
Below is the list of changes made to the Web.config file of Sitecore CMS 6.4.1 rev. 110621 as compared to the Web.config file of Sitecore CMS 6.4.1 rev. 110324:
- Add a typeName="Sitecore.Data.Fields.Field" attribute to the field access permission prefix Sitecore\Configuration\AccessRights\Rules:<add prefix="field:" ancestor="{3C1715FE-6A13-4FCF-845F-DE308BA9741D}" comment="/sitecore/templates" typeName="Sitecore.Data.Fields.Field" />
- Two new settings were introduced to allow customers to disable the change password and password recovery functionalities. Add these settings to the settings section:<!-- LOGIN DISABLE CHANGE PASSWORD
If true, Sitecore hides the "Change Password" link on the login page and disables the
/sitecore/login/changepassword.html page.
Default: false
-->
<setting name="Login.DisableChangePassword" value="false" />
<!-- LOGIN DISABLE PASSWORD RECOVERY
If true, Sitecore hides the "Forgot Your Password?" link on the login page and disables the
/sitecore/login/passwordrecovery.html page.
Default: false
-->
<setting name="Login.DisablePasswordRecovery" value="false" /> - Add the following setting to the settings section:<!-- REDIRECT URL PREFIXES
Pipe-separated list of URL prefixes to redirect.
To support IIS authentication, configure redirection for all URLs secured with IIS authentication. Otherwise,
URLs containing embedded languages in the URL might be able to bypass IIS security, which could result in a
vulnerability.
For example, under the default configuration, Sitecore redirects URLs such as "/en/sitecore" to "/sitecore?sc_lang=en"
to ensure that IIS authentication is enforced for such URLs.
Default value: /sitecore
-->
<setting name="RedirectURLPrefixes" value="/sitecore"/>