|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Frontpage extensions CGI security!
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: Frontpage extensions CGI security!
- From: Ramit Luthra <ramitBIGFOOT.COM>
- Date: Fri, 20 Mar 1998 13:23:31 -0500
- Reply-To: Ramit Luthra <ramitBIGFOOT.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
****************** EARLIER SUBMITTED TO IIS LISTS! ********************** Hi guys, I found a bug in the Frontpage 98 Server extensions (atleast on NT). If you set the NoCgiUpload parameter=1, then as suggested by the SERK, the "make executable" box in the frontpage is greyed out AND you cannot upload a file to the directory (thru' Frontpage) which has been marked executable. Now the bug is that even the administrators cannot do it! that is, once this parameter has been set to 1, even a site OR NT admin cannot check or uncheck the box AND also cannot upload the files thru' NT! So how do you make a directory executable thru' Frontpage? I know we can do it thru' the MMC or the ISM in IIS 3, but would you want to give the permissions to do so to ordinary Website admins? The only other way is to have 2 copies of Frontpg.ini file: One with the parameter set to 1 and in other set to 0 AND juggle the files! Microsoft says (thru' my company's premier support line), this is a feature and not a bug. They further say that the documentation in SERK is wrong and they would be correcting it (only the documentation mind you!) Can anybody help me with some other work around? TIA Ramit Luthra Ramit
- Prev by Date: RAS 'save password' problems...
- Next by Date: Re: RAS 'save password' problems...
- Prev by thread: Re: RAS 'save password' problems...
- Next by thread: FW: MSIE buffer overrun
- Index(es):