Date: Fri, 6 Jun 1997 14:58:52 +0200 (MET DST) From: Thomas Eisenbock <et@space.net> To: "'freebsd-isp@FreeBSD.ORG'" <freebsd-isp@FreeBSD.ORG> Subject: Re: Micro$oft FrontPage extensions? Message-ID: <Pine.BSI.3.96.970606144834.26701D-100000@moebius.space.net> In-Reply-To: <Pine.BSI.3.95.970606075306.2278E-100000@buffnet11.buffnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 6 Jun 1997, Steve Hovey wrote: > Ill get flamed for this but - I wont touch that with a 10 foot pole - you > open security holes. Of course you'll get flamed, 'cause you are wrong :) You can isntall FrontPage Server Extensions secure enough to prevent damage to your system and to other user's data. As long as you have a secure multiuser webhosting environment (with apache or CERN httpd, for example) you can install Vermeer's FrontPage Server Extensions without having to worry about security. You just have to install it like a customer's CGI Script and set the appropriate rights for the files/directories according to your security policies. As FP Server Extensions don't have to run as root (anymore) and needn't be SUID (even if M$ consideres this "secure"), it's nothing else than a user cgi-bin. The only danger is, that you have to execute binaries from a third party vendor that may be able to execute other programs without your knowledge, but that's why we use Unix ;) e.t. -- SpaceNet - Gesellschaft f. http://www.spaceweb.de/ innovative Netzwerktechnik mbH webmaster@space.net Muenchner Technologie Zentrum Frankfurter Ring 193a Telefon: +49 89 32356-333 D-80807 Muenchen Fax: +49 89 32356-299
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.96.970606144834.26701D-100000>