From owner-freebsd-security  Thu Oct 22 11:34:37 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA06244
          for freebsd-security-outgoing; Thu, 22 Oct 1998 11:34:37 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.clearsail.net (mail.clearsail.net [207.252.227.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA06227
          for <freebsd-security@FreeBSD.ORG>; Thu, 22 Oct 1998 11:34:35 -0700 (PDT)
          (envelope-from jase@clearsail.net)
Received: from clearsail.net (pirate.clearsail.net [207.252.222.75])
	by mail.clearsail.net (8.9.1/8.8.8) with ESMTP id NAA28676;
	Thu, 22 Oct 1998 13:20:19 -0500 (CDT)
Message-ID: <362F7A80.747BAE3C@clearsail.net>
Date: Thu, 22 Oct 1998 13:33:37 -0500
From: jase <jase@clearsail.net>
X-Mailer: Mozilla 4.5b2 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Robert Watson <robert+freebsd@cyrus.watson.org>
CC: Deepwell Internet <freebsd@deepwell.com>, freebsd-security@FreeBSD.ORG
Subject: Re: FrontPage Server Extensions
References: <Pine.BSF.3.96.981022133043.4185A-100000@fledge.watson.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I did a search of the security mailing list archives and came up with:

http://www.worldgate.com/~marcs/fp/

Enjoy. :)

Robert Watson wrote:

> On Thu, 22 Oct 1998, Deepwell Internet wrote:
>
> > I'm in EXACTLY the same position. We run an ISP where our primary web
> > server is a FreeBSD 2.2.6 box.  If someone requests to use frontpage I have
> > to go through the point-and-click hell of adding them into the NT server
> > (Add a user into the domain, create a new folder, add them into IIS with
> > both a website and an FTP account).  This just turns into hell.
> >
> > I've been seriously thinking about installing the frontpage extensions, but
> > I'm a little weary since this is a Stronghold secure webserver.  People
> > around the office have been saying that the FP extensions are insecure and
> > buggy, but no one can point to any real examples.
>
> At SafePort, we have some BSD/OS machines, and the same problem.  We would
> far rather run UNIX than NT -- it's more manageable, customizable, secure,
> etc.  However, we have lots of customers asking for FPE now.  I thought
> about trying to reverse-engineer, but I don't have the time.  I wonder if
> anyone on the Apache project, etc, has looked at doing this?  The security
> issues with the MS product are a real concern, and we have been losing a
> few customers because we are reluctant to install a known problem on our
> servers.
>
>   Robert N Watson
>
> Carnegie Mellon University            http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.  http://www.tis.com/
> SafePort Network Services             http://www.safeport.com/
> robert@fledge.watson.org              http://www.watson.org/~robert/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message