Dnn.platform: Detect Core Code Changes Before Upgrade

Created on 28 Feb 2019  路  6Comments  路  Source: dnnsoftware/Dnn.Platform

Description of problem

One of the top reasons an upgrade may fail is due to core code changes. That is, changes in code that are applied to the database or actual code files (including modified DLL's). This enhancement suggests that we prevent failed upgrades by immediately notifying or otherwise making obvious that the upgrade will likely not succeed (and/or is not supported).

Description of solution

The basic idea is to build upon and/or further enhance the work that the Security Analyzer features already is mostly doing already. If there are files/folders/permissions/DB schema changes that are detected, the upgrade wizard should simply refuse to attempt the upgrade and display a message that it is due to core code changes. There should also be one or more links to resources to allow for the person to get help (e.g., forums, Q&A, partners, security analyzer, etc.).

Description of alternatives considered

We just keep things the way they are, and people who are not plugged into the community and/or have unreasonable expectations about web application frameworks/platforms will just think DNN sucks and post that message accordingly on their social media channels and blogs.

Additional context

We need to increase the perception of DNN as a solid, stable, and secure platform. This is one of the many methods that we can use to improve that.

Affected version

  • [x] 9.3.0
  • [x] 9.2.2
  • [x] 9.2.1
  • [x] 9.2
  • [x] 9.1.1
  • [x] 9.1
  • [x] 9.0

Affected browser

  • [x] Chrome
  • [x] Firefox
  • [x] Safari
  • [x] Internet Explorer
  • [x] Internet Explorer 11
  • [x] Edge
picture hismightiness

All 6 comments

Given that our "upgrade" is an unzip of the new code over the top, how do you envision adding this?

A safety check for non-modified files PRIOR to having the user download the upgrade zip?

mitchelsellers picture mitchelsellers on 1 Mar 2019
👍1

I am just thinking out loud here, but it would awesome if we could snapshot the install, try the upgrade, keep it if good and revert if bad. I use WHMCS which does it that way, you get an upgrade notification, click a button, it fires up a backup, downloads the upgrade and fires it up. If it fails, you just restore the backup in your hosting. Not sure how this could be implemented in Dnn, but I love how it works.

valadas picture valadas on 1 Mar 2019
👍1

Yes... Those concerns are exactly part of what was inferred with there likely needing to be updates to the security analyzer and/or extending it to other areas in the platform. There's certainly numerous ways to address this concern, which is why left this a bit more open-ended in the original post.

One of the ways could be to not only have a signature check of the platform prior to upgrade in the security analyzer, but also what that looks like when an upgrade package is applied.

hismightiness picture hismightiness on 1 Mar 2019

Also, I put an easter egg in my original post specifically for @valadas 馃ぃ

hismightiness picture hismightiness on 1 Mar 2019

LoL

valadas picture valadas on 1 Mar 2019

If you guys are ok with this, in the spirit of cleaning the backlog, I will close this issue and suggest moving discussions in forums or other means until we can produce an actionable issue. Right now I feel like this is more a discussion than a plan. If I am wrong, fell free to reopen.

valadas picture valadas on 29 Jul 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

soheilkheiri picture soheilkheiri  路  5Comments
trouble2 picture trouble2  路  4Comments
trouble2 picture trouble2  路  5Comments
zyhfish picture zyhfish  路  5Comments
kbratuysuz picture kbratuysuz  路  3Comments