Date: Sat, 21 Apr 2001 10:53:16 +0200 (CEST)
From: Christian Kratzer <ck@toplink.net>
To: "Scot W. Hetzel" <hetzels@westbend.net>
Cc: Apu <apu@home.spfld.com>, seti <seti@geotec.net>, freebsd-isp@FreeBSD.ORG
Subject: Re: FrontPage Extensions Authentication
Message-ID: <Pine.LNX.4.21.0104211048010.1056-100000@hirvi.toplink.net>
In-Reply-To: <015501c0c9c4$44a45fd0$087885c0@GENROCO.com>
Hi,

On Fri, 20 Apr 2001, Scot W. Hetzel wrote:

> From: "Apu" <apu@home.spfld.com>
> > On Fri, 20 Apr 2001, seti wrote:
> >
> > > which all went off without a hitch.  However when using the Frontpage
> > > 98/2000/XP client to access the FP enabled web, it simply does not ask me
> > > for any username and password, but instead allows me anonymously to
> > > edit/publish the webpage, from various workstations.  My workaround has been
> >
> > You need to AllowOverride AuthConfig so Apache can process the
> > authentication configuration information in the .htaccess files.  (The
> > extensions actually ask for AllowOverride All but you can get away with
> > giving out less to the individual .htaccess files -- you really need more
> > than just AuthConfig but I don't recall exactly.)
> >
>
> This is the minimum settings that you need to specify in order for the FP
> Exts to function securely on a FP enabled website.
>
> AllowOverride AuthConfig Limit Indexes Options

specifically "AllowOverride Options" is required as frontpage drops
.htaccess files in directories with "Options None"

Sadly "AllowOverride Options" allows users to upload their own cgi's
everywhere just by specifying "Options ExecCGI" and other nice stuff
you perhaps would not want them to do by themselves.

Because of this we patched apache to allow "Options None" even when
there is no "AllowOverride Options"

I really don't fancy porting all these patches to make frontpage secure
to apache-2.0 etc...

We would gladly drop frontpage support if there weren't that many users
using it.

Greetings
Christian

--
TopLink Internet Services GmbH      ck@171.2.195.in-addr.arpa
Christian Kratzer                   http://www.toplink.net/
Phone: +49 7032 2701-0
Fax:   +49 7032 2701-19
FreeBSD spoken here!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
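
Added example, not part of the original message or of Apache or FrontPage: an audit that walks a document root and reports every .htaccess whose Options lines enable code execution, which is the exposure "AllowOverride Options" creates. The RISKY set and the sample directory names are assumptions made for this example.

```python
import os
import re
import tempfile

# Options that let an .htaccess author run code (assumed list for this example).
RISKY = {"execcgi", "includes", "all"}
# Matches a real Options directive; "# Options ..." comment lines do not match.
OPTIONS_RE = re.compile(r"^\s*Options\s+(.*)$", re.IGNORECASE)

def effective_options(text):
    """Return the lowercased option set left enabled by the Options lines in text."""
    current = set()
    for raw in text.splitlines():
        m = OPTIONS_RE.match(raw)
        if not m:
            continue
        tokens = m.group(1).split()
        if not any(t[0] in "+-" for t in tokens):
            current = set()  # absolute form replaces earlier settings
        for t in tokens:
            name = t.lstrip("+-").lower()
            if t.startswith("-"):
                current.discard(name)
            else:
                current.add(name)
    return current

def audit(docroot):
    """Map each .htaccess (path relative to docroot) to the risky options it enables."""
    hits = {}
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                risky = effective_options(fh.read()) & RISKY
            if risky:
                hits[os.path.relpath(path, docroot)] = sorted(risky)
    return hits

def demo():
    """Run the audit over a constructed two-directory tree."""
    samples = {"frontpage_dir": "Options None\n",
               "user_dir": "# uploaded by a user\nOptions +ExecCGI\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, ".htaccess"), "w") as fh:
                fh.write(body)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```
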