For what it's worth, the FP security issues are very well documented
by ReadyToRun Software's site (these are the folks who do the UNIX
ports for Microsoft).
They also keep both BSDI 2.1 and 3.0 binaries available, and they
know about FreeBSD (it's mentioned in the FAQ as an unsupported
platform; apparently someone was having problems with the MD5
password hashing. Someone who cares should send them mail on how
to update their FAQ to be more correct, and to raise FreeBSD's
visibility as a platform -- e.g. what versions to us4e for
what, install instructions for FreeBSD, etc.).
Here is the source code to mod_frontpage and fpexe:
http://www.rtr.com/fpsupport/SERK/a_modfp.htm
http://www.rtr.com/fpsupport/SERK/a_fpexe.htm
Here's Microsoft's take on the security issues:
http://www.rtr.com/fpsupport/SERK/security.htm
Pretty much, using the source code provided, you could add FP
extensions to any web server for which you had source. One caveat
is that the FrontPage client (stupidly) will refuse to create
"sub webs" unless the server type is "netscape" or "apache-fp",
so I guess it's back to lying about what your server is if it
isn't one of those; sorry, JAVA-teers...
Terry Lambert
te...@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-current" in the body of the message
