If you don't mind I would like for you to be more specific about the
security problems that you see or experienced with Front Page. What I will
then do is run these concerns past the folks who run UNIX servers with
Front Page extensions installed. I'm sure their are some in the existing
Front Page newsgroups. Let's hear what response they may have.
While researching the usefulness of this program, I asked the folks at the
National Computer Security Association booth at the Mecklermedia "WEB
Interactive" show that was held in NYC this past July 31st if they were
aware of any security problems with FP. According to the three gentlemen
hosting the booth, none had heard of any problems with Front Page. I asked
if they were familiar with the program and the response was yes, they were
using it. (One of the business cards that I collected at the booth came
from Larry Bridwell, Sales Executive: email lbridwell@ncsa.com)
Another resource that I relied on was the "Front Page Newsgroup" (I found
this though your service as I am one of your customers).
Finally, I relied on the Front Page "Editors Choice" review in the latest
copy of PC Magazine. I'm sure that their reviewers were aware of the
rumored security problems with Front Page and investigated these problems
before give it their seal of approval.
My reasons for going to bat on this program are many. We offer web site
hosting to non-profit groups who do not have the money to spend on
professional web page creation and design, and have no idea what FTP means.
This program offers outstanding benefits to these organizations. I
don't want to shelve this program without being absolutely sure that it's
the program, and not something else.
Thank you for bringing this to our attention. I do not want in any way to
cause a security leak on the Westchester Library System's server and will
yield using the program until such time that our System Administrator, Jack
Ham is confident that all is safe.
I look forward to your response.
Patrick Colvin
WATPA Webmaster
Web Site: http://www.watpa.org
email: naripat@westnet.com
----------
> From: Christopher X. Candreva <chris@westnet.com>
> To: 'watpa@westnet.com'
> Subject: Re: August Meeting Action Items
> Date: Sunday, August 25, 1996 10:40 AM
>
> On Fri, 23 Aug 1996, Norman J. Jacknis wrote:
>
> > * FrontPage And PathMaster Administration
>
> > Patrick Colvin, our Webmaster,
> > gave an impressive demonstration of Microsoft's FrontPage product for
> > managing complex Web sites. We decided to make this our standard Web
> > management tool. It will allow us to have many people working on
> > different parts of PathMaster while still adhering to the same basic
> > standards.
>
> Sorry I missed this meeting.
>
> I strongly advise against this, especially if you are using the
extensions
> to a Unix server. I looked into it for a client, and FrontPage appears to
> me to be a big gaping security hole.
>
> If nothing else, do NOT run FrontPage and/or the web server as root as
the
> documentation suggests. If you do so, you might as well take the password
> off the root account !
>
> The fact that MS even MADE this suggestion convinced me they do not know
> enough about Unix security to trust the software.
>
> -Chris
>
> ==========================================================
> Chris Candreva -- chris@westnet.com -- (914) 967-7816
> WestNet Internet Services of Westchester
> http://www.westnet.com/