From owner-freebsd-isp  Fri Jun  8 10:58:15 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from gifw.genroco.com (genroco.com [205.254.195.202])
	by hub.freebsd.org (Postfix) with ESMTP id 31F3E37B401
	for <freebsd-isp@FreeBSD.ORG>; Fri,  8 Jun 2001 10:58:12 -0700 (PDT)
	(envelope-from hetzels@westbend.net)
Received: from gi2.genroco.com (IDENT:root@gi2.genroco.com [192.133.120.3])
	by gifw.genroco.com (8.9.3/8.9.3) with ESMTP id MAA12200;
	Fri, 8 Jun 2001 12:58:06 -0500
Received: from scot.genroco.com (scot.genroco.com [192.133.120.125])
	by gi2.genroco.com (8.9.3/8.9.3) with SMTP id MAA20272;
	Fri, 8 Jun 2001 12:58:04 -0500
Message-ID: <02a101c0f044$9173c660$7d7885c0@genroco.com>
From: "Scot W. Hetzel" <hetzels@westbend.net>
To: "Peter Brezny" <peter@sysadmin-inc.com>,
	<freebsd-isp@FreeBSD.ORG>
References: <MFEFLELMIJGKDKPCJHAFOEBGCDAA.peter@sysadmin-inc.com>
Subject: Re: security and FrontPage 2000 extensions on apache.
Date: Fri, 8 Jun 2001 12:58:04 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

From: "Peter Brezny" <peter@sysadmin-inc.com>
> Digging around in the archives, I've found a lot of comments about the
> insecure nature of fp extensions, but sometimes not a lot of meat to back
up
> the arguement.
>
> I'm running an old 2.2.8 server with fp98 extensions on it.  Have the
fp2000
> extensions tightened up the security any more?  Do they install more
easily?
> General comments?
>
The security of the FrontPage extensions mostly rely on how you configure
the Apache server.  You want to restrict who and from where a user can
administer or author a FP enabled web site.  Configuration of theses
security settings is done thru the FP client, which informs the FP Exts
(fpadmin.exe) to create the necessary .htaccess files to restrict users
permissions on a web site.

Installation of the FP2K Exts (fp40) hasn't changed.

Scot


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message