Skip to main content
Home  ›  Blog

System Fingerprint in 2sxc 9.30+ using SHA256 Hash

2sxc 9.30 will use a unique installation fingerprint to enhance the security. If you enable advanced features, this will be registered to identify your installation. Here's what's inside.

What is the Fingerprint For?

It is used to uniquely identify an installation, and to ensure that cryptographically signed data (for example activated features) will be tamper proof. So the features configuration will be salted with the fingerprint, and then signed to guarantee it's tamper proof. 

Can the Fingerprint Expose System Information?

No, it can't. We're converting it to a SHA256 Hash with is (according to current knowledge) bullet-proof. So your fingerprint is unique, but completely anonymous. 

This also means that if you register your system to the central security DB for notifications, we cannot read anything out of the fingerprint. 

What's in the Fingerprint?

The fingerprint consists of the following bits of information - so if any of this changes, the fingerprint becomes invalid:

  1. DNN GUID - as an often-unique-id of a DNN installation. Note that it's not fully unique, because depending on the way people install DNN (often copying an existing installation) there will be many cases where multiple installations have the same GUID.
  2. Major DNN version - this is to ensure that minor upgrades don't change the fingeprint, but major upgrades do. 
  3. Major 2sxc version - again to ensure minor upgrades don't change the fingerprint, but major upgrades do
  4. Database Name - this is to ensure that copies of the same system (with the same GUID) still have a unique fingerprint, ensuring that these can be kept apart. It doesn't contain the DB server name, just the DB name itself (like db-dnn-2742). This also ensures that moving a site (usually keeping the same DB name) doesn't change the fingerprint, but creating a copy will create a new, unique fingerprint.

So what happens when the fingerprint changes? As of now, nothing yet, because we want to be sure everything works as expected. In the future, the 2sxc-server will ignore (disable) security-relevant features if the fingerprint doesn't match the installation. 

Security-First Strategy

We're introducing this in 2sxc 9.30 as part of our security first strategy. Hope you love it. 

Love from Switzerland, 

Daniel Mettler grew up in the jungles of Indonesia and is founder and CEO of 2sic internet solutions in Switzerland and Liechtenstein, an 20-head web specialist with over 800 DNN projects since 1999. He is also chief architect of 2sxc (see github), an open source module for creating attractive content and DNN Apps.

Read more posts by Daniel Mettler