Date: Fri, 22 Apr 2005 15:30:06 -0500
From: Scot Hetzel <swhetzel@gmail.com>
To: Joe Rhett <jrhett@meer.net>
Cc: Todd Reed <treed@astate.edu>
Subject: Re: FreeBSD Port: frontpage-5.0.2.2623_1
Message-ID: <790a9fff05042213306b502f1b@mail.gmail.com>
In-Reply-To: <20050422183816.GB45992@meer.net>
References: <892CC2C451D0414B90159D10B5BDAA65AB2234@EXCHANGE.astate.edu> <20050207202417.GB37923@meer.net> <20050208004233.GA84236@xor.obsecurity.org> <790a9fff050208142045266974@mail.gmail.com> <20050224203342.GH49530@meer.net> <790a9fff05022414531dd27600@mail.gmail.com> <20050422183816.GB45992@meer.net>
> So clarify for me again why this is better?
>
> It seems that adding the submitted patches (4 months old now?) to the
> improved mod_frontpage would be better than trying to back-hack these
> things into the rtr version of the module. Improved mod_frontpage has
> other significant security enhancements as well.
>

The mod_frontpage*-rtr ports work on both apache 1.3 and 2.0. But
Improved mod_frontpage only works on apache 1.3. And it looks as though a
version for Apache 2.0 of the Improved mod_frontpage is not going to be
developed.

http://sourceforge.net/forum/forum.php?thread_id=757575&forum_id=160311

I only added the options so that users who were using the Improved
mod_frontpage port and switched to Apache 2.0 and mod_frontpage2-rtr
port would have the same ability to control the use of the Frontpage
extensions on their servers.

The one difference that I know of between these two mod_frontpage
ports, is that Improved mod_frontpage checks to see if we have been
authenticated for the ADMIN and ADMINCGI urls.

When I added these checks to the RTR version (change FrontPageAlias to
FrontPageNeedAuth for the ADMIN and ADMINCGI checks in the
mod_frontpage.c patches), the mod_frontpage module was checking for
authentication before the Apache 2.0 server requested authentication.

Without using the FrontPageNeedAuth check in the RTR mod_frontpage
module, I could only administrate, or author a FrontPage enabled web
site, sub web, or access admin pages after entering my authentication
information.

What other significant security enhancements does Improved mod_frontpage have?

Scot