From owner-freebsd-security Thu Oct 22 10:34:08 1998
Date: Thu, 22 Oct 1998 13:32:56 -0400 (EDT)
From: Robert Watson
Reply-To: Robert Watson
To: Deepwell Internet
cc: freebsd-security@FreeBSD.ORG
Subject: Re: FrontPage Server Extensions
In-Reply-To: <4.1.0.67.19981022093228.009d4450@mail1.dcomm.net>

On Thu, 22 Oct 1998, Deepwell Internet wrote:

> I'm in EXACTLY the same position. We run an ISP where our primary web
> server is a FreeBSD 2.2.6 box. If someone requests to use frontpage I have
> to go through the point-and-click hell of adding them into the NT server
> (Add a user into the domain, create a new folder, add them into IIS with
> both a website and an FTP account). This just turns into hell.
>
> I've been seriously thinking about installing the frontpage extensions, but
> I'm a little weary since this is a Stronghold secure webserver. People
> around the office have been saying that the FP extensions are insecure and
> buggy, but no one can point to any real examples.

At SafePort, we have some BSD/OS machines, and the same problem. We would
far rather run UNIX than NT -- it's more manageable, customizable, secure,
etc. However, we have lots of customers asking for FPE now.

I thought about trying to reverse-engineer, but I don't have the time. I
wonder if anyone on the Apache project, etc, has looked at doing this? The
security issues with the MS product are a real concern, and we have been
losing a few customers because we are reluctant to install a known problem
on our servers.

  Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/