Skip to main content
Version: v10.x - Umbraco 10

Security

uSync.Publisher is sending your content and media between Umbraco instances, and as such security and integrity of the messages been sent is paramount.

uSync.Publisher signs all communications with a HMAC authentication key using the AppId and AppKey settings from the uSync.Publish.Config file. Alongside this you should include some basic security configuration to secure your sites.

Use Https

While uSync.Publisher doesn't force HTTPS communication between Umbraco instances it is strongly recommended that you do use HTTPs protocols when setting up server addresses. You can configure Umbraco to force Https for all back office communication in the appsettings.json file.

Use unique AppId/AppKey Values

When uSync.Publisher first runs it will generate a AppId and AppKey value for the config, it is recommended you then use this value to communicate between servers (making sure all servers have the same config). Do not use blank or short AppId/AppKey values.

tip

You can if you choose have different AppId/AppKey pairs for each configured server, while this is a slightly more complex configuration it does allow you to have greater control of what can send where.