Hi 

I saved this message for a rainy day because it has always intrigued me.
From what little I know about front page, it seemed to me they could have
just used ftp to transfer the files, and I don't use HTML editors because
it would take me more time to learn how to use the editor than it would to
just write the html (but I don't do much html).

Anyway, I read about the insecurity of it as well, which caused me to have
a total lack of interest in installing it on my own server (my neighbor
wanted it), but this weekend I set up a RH6.1 box for my other geeky
neighbor who is getting involved in a startup, and they need a good
reliable server for web/mail.

Dammit charles, get to the point. When I set up the box he requested the
ability to use fp. I told him I heard it was a security risk, but he
insisted he needed it, at least for a few months before they could get a
*real* web developer to do their site. So hey, it's not my box :)

Using the site below to get the files and documentation turned out to be
a trivial task.

But, to finally get to the point, the damn thing is just a couple of cgi
scripts. If you just have one root web, and don't allow users to create
sub webs, it appears relatively harmless to me in the big scheme of
things. So if you only have one person authoring and administering the
site (perhaps defeating the real usefulness of the product) I see no harm
in having it. I did not have to patch apache since I'm not trying to have
sub webs, and I had to do none of the silly business like making the
config files owned by nobody.

Just thought others would like to know about my experience.

Oh, this was front page 2000 too.

charles

On Thu, 14 Oct 1999, Steven Hildreth wrote:

> Check out http://www.rtr.com/fpsupport/download.htm I think it covers
> redhat, I was told to stay away from the Frontpage extensions bit because it
> opens up a security hole.
> 
> I created a user and group (named it something like webauthor and webadmin)
> and changed the settings in /etc/httpd/conf/httpd.conf to run as that user,
> and then chown the whole /home/httpd (or root dir of web server) to be owned
> by that user and then use ftp as that user, works great. I use Visual page
> (wysiwyg) and it has a ftp agent built in that works great, one button and
> the whole local site is published to the server.
> 
> Take it or leave it, my two cents.
> 
> Later..
> Steven
> 

