Microsoft FrontPage 2000 Server Extensions Resource Kit

Introduction


Regardless of what software you are running, there are two major security issues when you host Web sites from your computer.

  • Protecting your computer from unauthorized users.
    Hosting Web sites, even on an intranet, opens your host computer to a wider community of users. Authentication is the process of allowing users access to a Web service based on user names and passwords, or on IP addresses. (Restricting users by IP address is less secure, because clever users can "spoof" an IP address and gain access to the host computer.)

  • Protecting your computer from malicious programs.
    The content of a Web site can cause programs to be run on your host computer. An HTML page that "includes" or "substitutes" another page can cause a program to be run on the host computer. Marking directories as executable to allow a script to run on the host computer can allow a program to do anything within the limits of the host computer's resource-protection scheme.

    HTML pages can contain embedded controls, scripts, applets, and other programs that can cause programs to run on a host computer. Form handlers can introduce a further risk, because users can submit commands from within form fields, causing programs to be run when the page containing the form results is browsed. (Form handlers in Microsoft® FrontPage® do not allow this.)
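The form-results risk described above comes down to writing submitted field values into a page as markup rather than as text. The following added example (not FrontPage's own form handler, and not code from the Resource Kit) shows a results writer that encodes every value before it reaches the page; the function names, field names, and sample submission are hypothetical and constructed for illustration.

```python
import html
import re

# Constructed sample submission; field names and values are illustrative only.
SAMPLE_FORM = {
    "name": "Pat <pat@example.com>",
    "comment": 'Nice site <!--#include virtual="/private/notes.txt" -->'
               " <script>x()</script>",
}

# Field names end up in the page as well, so restrict them to a safe alphabet.
_FIELD_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def encode_value(value: str) -> str:
    """Return a submitted value as inert text for an HTML results page."""
    # Drop control characters other than tab and newline.
    cleaned = "".join(ch for ch in value if ch in "\t\n" or ord(ch) >= 0x20)
    # html.escape turns & < > " ' into entities, so no tag, comment, or
    # server-side directive opener ("<!--#") survives in the output.
    return html.escape(cleaned, quote=True)


def render_results(form: dict) -> str:
    """Build the results fragment; only this function emits real markup."""
    rows = []
    for field, value in form.items():
        if not _FIELD_NAME.match(field):
            raise ValueError(f"rejected field name: {field!r}")
        rows.append(f"<dt>{field}</dt><dd>{encode_value(value)}</dd>")
    return "<dl>\n" + "\n".join(rows) + "\n</dl>\n"


if __name__ == "__main__":
    print(render_results(SAMPLE_FORM))
```

Because encoding happens at the point of output, the original submission is preserved and can be recovered exactly by decoding the entities.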

 

FrontPage addresses these security issues by using the built-in security mechanisms of the host computer. Using the FrontPage Server Extensions requires no changes to the host computer's security method:

  • On Microsoft® Windows NT®-based Internet Information Services (IIS) Web servers, each HTTP request to IIS from a Web browser or the FrontPage client runs under a user account on the Windows NT operating system that hosts IIS. FrontPage implements Web security on IIS by changing the access control lists for all files and folders in each FrontPage-extended web.
    Learn about FrontPage Server Extensions security on Microsoft Windows NT.

  • On UNIX-based Web servers, the server maintains a list of accounts with user names and passwords, and a list of groups of users, all with varying levels of permissions for using the services of the Web server. The accounts and groups maintained by the Web server are separate from the list of users and groups with access to the host computer's file system. By creating access files throughout the Web server's content, different sets of users, with varying levels of permission, can be given access to different areas of the server. FrontPage relies on this mechanism to add web administrators, authors, and site visitors with the proper permissions to the Web server's account list, and to protect content and programs in FrontPage-extended webs.
    Learn about FrontPage Server Extensions security on UNIX.

 

  Last Updated June 1999
©1999 Microsoft Corporation. All rights reserved.