From owner-freebsd-ports@FreeBSD.ORG Fri Apr 22 20:30:07 2005 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E7BA16A4CE for ; Fri, 22 Apr 2005 20:30:07 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28C4043D54 for ; Fri, 22 Apr 2005 20:30:07 +0000 (GMT) (envelope-from swhetzel@gmail.com) Received: by wproxy.gmail.com with SMTP id 69so796755wri for ; Fri, 22 Apr 2005 13:30:06 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=AedUpYdu+9VCpNMRQLsl31+YcSj1iaB6xjBvgIgud15bFUDPPpBbeSFN9S/fw/VNtjlZL3ZM9UE7I1XJxhcqlJ4LmwtQ/uHjDZVE4cjoNyuE+EC0l9UildbQ2ln6cQOe6HV7lBtvkv3h5n426jHjmrgU7JGMd7WQecVf2w8FXog= Received: by 10.54.28.52 with SMTP id b52mr662178wrb; Fri, 22 Apr 2005 13:30:06 -0700 (PDT) Received: by 10.54.29.77 with HTTP; Fri, 22 Apr 2005 13:30:06 -0700 (PDT) Message-ID: <790a9fff05042213306b502f1b@mail.gmail.com> Date: Fri, 22 Apr 2005 15:30:06 -0500 From: Scot Hetzel To: Joe Rhett In-Reply-To: <20050422183816.GB45992@meer.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <892CC2C451D0414B90159D10B5BDAA65AB2234@EXCHANGE.astate.edu> <20050207202417.GB37923@meer.net> <20050208004233.GA84236@xor.obsecurity.org> <790a9fff050208142045266974@mail.gmail.com> <20050224203342.GH49530@meer.net> <790a9fff05022414531dd27600@mail.gmail.com> <20050422183816.GB45992@meer.net> cc: ports@freebsd.org cc: Todd Reed Subject: Re: FreeBSD Port: frontpage-5.0.2.2623_1 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Scot Hetzel List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 20:30:07 -0000 > So clarify for me again why this is better? >=20 > It seems that adding the submitted patches (4 months old now?) to the > improved mod_frontpage would be better than trying to back-hack these > things into the rtr version of the module. Improved mod_frontpage has > other significant significant security enhancements as well. >=20 The mod_frontpage*-rtr ports work on both apache 1.3 and 2.0. But Improved mod_frontpage only works on apache 1.3. And it looks as thou a version for Apache 2.0 of the Improved mod_frontpage is not going to be developed. http://sourceforge.net/forum/forum.php?thread_id=3D757575&forum_id=3D160311 I only added the options so that users who were using the Improved mod_frontpage port and switched to Apache 2.0 and mod_frontpage2-rtr port would have the same ability to control the use of the Frontpage extensions on their servers. The one difference that I know of between these two mod_frontpage ports, is that Improved mod_frontpage checks to see if we have been authenticated for the ADMIN and ADMINCGI urls. When I added these checks to the RTR version (change FrontPageAlias to FrontPageNeedAuth for the ADMIN and ADMINCGI checks in the mod_frontpage.c patches), the mod_frontpage module was checking for authentication before the Apache 2.0 server requested authentication. Without using the FrontPageNeedAuth check in the RTR mod_frontpage module, I could only administrate, or author a FrontPage enabled web site, sub web, or access admin pages after entering my authentication information. What other significant security enhancements does Improved mod_frontpage ha= ve? Scot