RE: FrontPage Security Issue(s) with Subwebs

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Jim Buyens (news_at_interlacken.com)
Date: 12/21/04 

Date: Tue, 21 Dec 2004 08:47:06 -0800

I'm not aware of this as a current or past issue.

Frankly, most such incidents arise from server administrators who don't want
to lean the FrontPage toolset and mindset, and who therefore don't trust
them. Instead, they monkey with permissions directly through Windows and get
it wrong.

Also, when it comes to external resources, like databases, setting different
permissions to those from different subwebs can be tricky.

In this specific instance, however, and with so few facts, it's hard to say.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------

"Dennis Hughes" wrote:

> I just agreed to be a webmaster for a state group of a national
> organization. The state's web site is a subweb of the national web.
>
> The national webmaster just told me they don't use FrontPage extensions any
> more because of security issues they have had with a subweb admin
> accidentally getting into the primary web even though they had different
> permissions and usernames/passwords.
>
> i.e. www.myorg.org is the primary site and the subweb is www/myorg.org/fl
>
> Is this a current security issue or is it in the past? I admin some other
> webs that have subwebs with different permissions using FrontPage and would
> like to know is there are unresolved issues.
>
> Dennis
>
>
>

Relevant Pages

  • FPSE2002 Shared Hosting Flaw Workaround
    ... I have begun a workaround for the FrontPage 2002 Extensions use of the ... Interactive and Network permissions for those attempting Secure Shared ... When creating FrontPage users this configuration assumes they only belong to ... Add the Group 'Users' and give them 'Traverse Folder' on 'This folder only' ...
    (microsoft.public.inetserver.iis.security)
  • Re: Interactive USER
    ... by connecting with frontpage and disabling anonymous browsing from there. ... Interactive and Network permissions for those attempting Secure Shared ... SharePoint Admin Web Instance and App Pool. ... Add the Group 'Users' and give them 'Traverse Folder' on 'This folder only' ...
    (microsoft.public.inetserver.iis.security)
  • re: Frontpage 2000 uploading Troubleshooting
    ... I assume that by "upload" you mean "publish". ... FrontPage Publish Command Fails ... a Permissions Administration Page comes up. ... Microsoft FrontPage MVP ...
    (microsoft.public.frontpage.client)
  • re: Need info on IIS manager and autoriting / permisions for FP ( MVP please rea
    ... You should always manage FrontPage permissions through ... FrontPage, and not through IIS Manager or Windows ... installed on the virtual server you're trying to use. ...
    (microsoft.public.frontpage.client)
  • Re: subwebs
    ... You need to contact your host to run a check on the extensions and/or check the permissions for your ... FrontPage Resources, WebCircle, MS KB Quick Links, etc. ... > open that subwebs folder in frontpage. ...
    (microsoft.public.frontpage.client)