Behalf Of R. DuFresne wrote:
> Of course, if you are going to do this you have put the server up on a
> sacrificial box on a dmz, as the frontpage extensions are a nasty piece of
> work, yes?

Don't bother with the MS mod_frontpage because it's (a) not really secure and
(b) is a gross hack that patches a core data structure and the cgi modules in
addition to adding a new module.

If you scrap Microsoft's stupid little setuid hack and write your own mechanism
to run the frontpage cgi executables as the user who owns the web files, then
things can be done securely. I've written my own mod_frontpage and mechanism,
and some other guy out there has written his own too:

ftp://ftp.vr.net/pub/apache/mod_frontpage/

I've not used his module, but I've looked at it and it seems just dandy.

 - David Harris
   Principal Engineer, DRH Internet Services


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]