Subject: Re: Frontpage and permissions - EVERYONE GROUP. (Daniel Docenkal 's Message to the list)
From: Daniel Dočekal (ddoc MIA.CZ)
Date: Fri Mar 03 2000 - 16:53:45 CST
> Something else to consider is that unless FP webs are on NTFS partitions,
> security by ACL isn't going to happen.
>
> There's a great -- but far too seldom read -- paper in TechNet called
> "FrontPage Security on IIS Systems" that's a must read for anybody going
> down this path.

Well, there is something else that everybody should consider very carefully.
FrontPage Server Extensions have NO PLACE on a production server. Never, ever.
PERIOD.

While this might seem to be pretty paranoid or too tough, it is really the
only solution to the many security problems involved. Even if FPext2000 are
pretty secure (until someone finds a new hole), there is no reason to

a) place additional load on the server due to handling FrontPage stuff
b) expose the server to security risk through the ability to "guess" ID and
   password
c) leave unwanted CGI/DLL/Filters on the server

What we are doing in our environment (and yes, we do run some of the most
visited NT-based servers in our country, with some hundreds of thousands of
unique users per month) is very simple.

Use a STAGING server. Somewhere inside your company network, not even at the
backbone/hosting place. Use FrontPage there. Then use Site Server or any
other method of content replication to replicate files to the PRODUCTION
server (located on the backbone) and deploy automatically or with the use of
scheduling.

This solution is safer even from the point of view of backups - you always
have (at least) two real-time copies of all your content. If you use SQL
servers, use replication and replicate databases between production/staging
- based on where the data is created.

The site in question (in the original message) runs FPext on the production
server - which I do not understand at all (even a simple XCOPY would do if
they haven't got Site Server Content Deployment) - I was able to dig through
their press releases to find somebody from management and I have sent the
report to them also (after walking through many pages) so hopefully, they are
going to fix it VERY soon.

Sorry for my English if it's not perfect, I am Czech and it's midnight here.

Daniel
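
The staging-to-production copy described in the message above, sketched as an added example (not part of the original post, and not Site Server or XCOPY behaviour). It assumes FrontPage Server Extensions content is identifiable by the `_vti_` name prefix (`_vti_bin`, `_vti_pvt`, `_vti_cnf`, ...); the function names `deploy` and `audit` are hypothetical.

```python
import os
import shutil

# Assumption: FrontPage Server Extensions files and directories all carry
# this name prefix, and nothing else in the site legitimately uses it.
FP_PREFIX = "_vti_"


def is_fp_artifact(name):
    return name.lower().startswith(FP_PREFIX)


def deploy(staging, production):
    """Copy site content from staging to production, leaving FrontPage
    files behind. Returns (copied, skipped) as sorted relative paths."""
    copied, skipped = [], []
    for root, dirs, files in os.walk(staging):
        rel_root = os.path.relpath(root, staging)
        # Prune FrontPage directories so os.walk never descends into them.
        for d in list(dirs):
            if is_fp_artifact(d):
                skipped.append(os.path.normpath(os.path.join(rel_root, d)))
                dirs.remove(d)
        for f in files:
            rel = os.path.normpath(os.path.join(rel_root, f))
            if is_fp_artifact(f):
                skipped.append(rel)
                continue
            dest = os.path.join(production, rel)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            shutil.copy2(os.path.join(staging, rel), dest)
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def audit(production):
    """List FrontPage artifacts present under the production web root.
    An empty list is the expected result after a clean deployment."""
    found = []
    for root, dirs, files in os.walk(production):
        for name in dirs + files:
            if is_fp_artifact(name):
                found.append(os.path.relpath(os.path.join(root, name), production))
    return sorted(found)
```

Running `audit` against the production web root on a schedule also catches extensions that were installed there directly rather than copied in.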