| Author |
FPSE 2002, No security?
|
|
| Buddy Ackerman 2005-08-02, 8:59 pm |
| I installed FPSE 2002 and when I opened the site using Visual Studio.NET it opened without asking for a username and
password. So, it now appears that anyone with VS.NET (or Front Page I assume too) can download my entire web site's
code. I was assuming that FPSE would authenticate using local accounts and group permissions. My workstation is not on
the same network as the web server (I'm at home; the web server is at a hosting facility). Why is FPSE allowing me to
access the site with no security? Another Microsoft feature?
| |
| JIMCO Software 2005-08-03, 2:54 am |
| Buddy Ackerman wrote:
> I installed FPSE 2002 and when I opened the site using Visual
> Studio.NET it opened without asking for a username and password. So,
> it now appears that anyone with VS.NET (or Front Page I assume too)
> can download my entire web site's code. I was assuming that FPSE
> would authenticate using local accounts and group permissions. My
> workstation is not on the same network as the web server (I'm at home;
> the web server is at a hosting facility). Why is FPSE allowing me to
> access the site with no security? Another Microsoft feature?
No. A "feature" of an incompetent hosting company.
If I sleep with the doors to my house unlocked and someone comes in and robs
me, should I blame my builder?
--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003
| |
| Mark Fitzpatrick 2005-08-03, 2:54 am |
| The FP Server Extensions don't have their own authentication mechanism, they
rely on the web server's and OS's security. FP just requests security
information from IIS, which requests it from Windows. In this case, the IUSR
account (which is the anonymous internet account), or the Everyone group
probably has Full privileges. Basically, FP is letting you in because IIS
says you can get in because whoever set the permissions on the server left
them wide open.
Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage
"Buddy Ackerman" <buddy_nospam@buddyackerman.com> wrote in message
news:exmiqs8lFHA.1416@TK2MSFTNGP09.phx.gbl...
>I installed FPSE 2002 and when I opened the site using Visual Studio.NET it
>opened without asking for a username and password. So, it now appears that
>anyone with VS.NET (or Front Page I assume too) can download my entire web
>site's code. I was assuming that FPSE would authenticate using local
>accounts and group permissions. My workstation is not on the same network
>as the web server (I'm at home; the web server is at a hosting facility).
>Why is FPSE allowing me to access the site with no security? Another
>Microsoft feature?
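
Added example, not part of the original thread: the reply above attributes the open access to Windows file permissions that give the anonymous IUSR account or the Everyone group full rights. The PowerShell function below filters access-control entries for that condition; the function name `Test-AnonymousWriteAce`, the machine name `WEBHOST01`, the `$WebRoot` placeholder and the sample entries are constructed for illustration.

```powershell
# Added example (not from the thread): find allow-ACEs that let the anonymous
# web identity or Everyone change content, the condition described above.
function Test-AnonymousWriteAce {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.AccessControl.FileSystemAccessRule]$Ace
    )
    begin {
        $R = [System.Security.AccessControl.FileSystemRights]
        # Bits that permit changing content or its permissions, plus the raw
        # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) values that
        # can appear on inherit-only entries.
        $writeMask = [int]$R::WriteData -bor [int]$R::AppendData -bor
                     [int]$R::Delete -bor [int]$R::DeleteSubdirectoriesAndFiles -bor
                     [int]$R::ChangePermissions -bor [int]$R::TakeOwnership -bor
                     0x10000000 -bor 0x40000000
    }
    process {
        # Matches "Everyone", "NT AUTHORITY\IUSR" and "<machine>\IUSR_<machine>".
        $isAnon   = $Ace.IdentityReference.Value -match '(^|\\)(Everyone|IUSR(_.*)?)$'
        $isAllow  = $Ace.AccessControlType -eq 'Allow'
        $canWrite = ([int]$Ace.FileSystemRights -band $writeMask) -ne 0
        if ($isAnon -and $isAllow -and $canWrite) { $Ace }
    }
}

# Constructed sample entries (WEBHOST01 is a made-up machine name).
$T = 'System.Security.AccessControl.FileSystemAccessRule'
$sample = @(
    (New-Object $T 'Everyone', 'FullControl', 'Allow'),
    (New-Object $T 'WEBHOST01\IUSR_WEBHOST01', 'ReadAndExecute', 'Allow'),
    (New-Object $T 'WEBHOST01\IUSR_WEBHOST01', 'Modify', 'Allow'),
    (New-Object $T 'BUILTIN\Administrators', 'FullControl', 'Allow')
)

# Only the Everyone/FullControl and IUSR/Modify entries pass the filter;
# read-only anonymous access and administrator access are left alone.
$sample | Test-AnonymousWriteAce |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# Against a real content directory ($WebRoot is a placeholder):
# (Get-Acl -Path $WebRoot).Access | Test-AnonymousWriteAce
```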
| |
| Buddy Ackerman 2005-08-03, 5:51 pm |
| Well, I don't understand. How do you actually set any security settings that affect FPSE? I installed the server
extensions but there is nothing to configure in terms of security. Of course the web site itself needs anonymous access
but why does FPSE follow that same model? That doesn't make any sense. How do I set security on FPSE and not change my
web site so that users have to login to browse it?
--Buddy
Mark Fitzpatrick wrote:
> The FP Server Extensions don't have their own authentication mechanism, they
> rely on the web server's and OS's security. FP just requests security
> information from IIS, which requests it from Windows. In this case, the IUSR
> account (which is the anonymous internet account), or the Everyone group
> probably has Full privileges. Basically, FP is letting you in because IIS
> says you can get in because whoever set the permissions on the server left
> them wide open.
>
> Hope this helps,
> Mark Fitzpatrick
> Microsoft MVP - FrontPage
>
> "Buddy Ackerman" <buddy_nospam@buddyackerman.com> wrote in message
> news:exmiqs8lFHA.1416@TK2MSFTNGP09.phx.gbl...
| |
| JIMCO Software 2005-08-03, 8:48 pm |
| Buddy Ackerman wrote:
> Well, I don't understand. How do you actually set any security
> settings that affect FPSE? I installed the server extensions but
> there is nothing to configure in terms of security. Of course the
> web site itself needs anonymous access but why does FPSE follow that
> same model? That doesn't make any sense. How do I set security on
> FPSE and not change my web site so that users have to login to browse
> it?
In order to open a Web site and author against it, you have to have Author
(FPSE 2000) / Advanced Author (FPSE 2002) rights. This correlates to a
specific set of permissions that includes Write access to the content.
By default, the permissions are locked down and anonymous users cannot open
a Web site for authoring. If your site is open to anonymous users, it
indicates that your hosting company is frighteningly incompetent and I would
switch to another host immediately!
--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003
| |
|
| What should the permissions be at the server user account level to prevent
such open access? Do those permissions relate to logging into the FPSE Site
Administration area as well? I am having issues not being able to login to
site admin but I do have to enter a password to publish so my issue is a bit
different.
See: microsoft.public.frontpage.extensions.windowsnt Subject: FPSE 2002:
Site Admin Login Refused 8/28/05
Thanks - Jody
"JIMCO Software" wrote:
> Buddy Ackerman wrote:
>
> In order to open a Web site and author against it, you have to have Author
> (FPSE 2000) / Advanced Author (FPSE 2002) rights. This correlates to a
> specific set of permissions that includes Write access to the content.
>
> By default, the permissions are locked down and anonymous users cannot open
> a Web site for authoring. If your site is open to anonymous users, it
> indicates that your hosting company is frighteningly incompetent and I would
> switch to another host immediately!
>
> --
> Jim Cheshire
> JIMCO Software
> http://www.jimcosoftware.com
>
> FrontPage add-ins for FrontPage 2000 - 2003
| |
| JIMCO Software 2005-08-28, 5:49 pm |
| Jody wrote:
> What should the permissions be at the server user account level to
> prevent such open access? Do those permissions relate to logging
> into the FPSE Site Administration area as well? I am having issues
> not being able to login to site admin but I do have to enter a
> password to publish so my issue is a bit different.
> See: microsoft.public.frontpage.extensions.windowsnt Subject: FPSE
> 2002: Site Admin Login Refused 8/28/05
>
Your host has likely made you an Advanced Author but not an Administrator.
That's common.
--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003
| |
|
| Actually JIMCO - I am the domain admin. This is a dedicated server that I
have root access to. The problem I am having did not occur on a previous
installation. We replaced the HDD/OS because the system was unstable for a
variety of reasons. Now I have this fresh install and can not for the life
of me figure out what is different here, except I have SP1 installed. I can
access the main root admin, just not the individual admin areas for each
website. Any suggestions?
Thanks - Jody
"JIMCO Software" wrote:
> Jody wrote:
>
> Your host has likely made you an Advanced Author but not an Administrator.
> That's common.
>
> --
> Jim Cheshire
> JIMCO Software
> http://www.jimcosoftware.com
>
> FrontPage add-ins for FrontPage 2000 - 2003
| |
| JIMCO Software 2005-08-28, 5:49 pm |
| Jody wrote:
> Actually JIMCO - I am the domain admin. This is a dedicated server
> that I have root access to. The problem I am having did not occur
> on a previous installation. We replaced the HDD/OS because the
> system was unstable for a variety of reasons. Now I have this fresh
> install and can not for the life of me figure out what is different
> here, except I have SP1 installed. I can access the main root admin,
> just not the individual admin areas for each website. Any
> suggestions?
> Thanks - Jody
>
Can you elaborate some on what you mean?
--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
FrontPage add-ins for FrontPage 2000 - 2003
| |
|
| Perhaps maybe it is best to check out my other post from earlier today in
this forum: SUBJECT: "FPSE 2003: Site Admin Login Refused". That will better
explain what I am dealing with. I was just thinking that the permissions
issues related in this thread might help with my issues which I suspect may
be permissions related.
Thanks for your help! - Jody
"JIMCO Software" wrote:
> Jody wrote:
>
> Can you elaborate some on what you mean?
>
> --
> Jim Cheshire
> JIMCO Software
> http://www.jimcosoftware.com
>
> FrontPage add-ins for FrontPage 2000 - 2003
|
|
|
|