J
Jim Carlock
CONFIGURATION:
A fresh install of XP SP2 and associated updates,
and a fresh install of FrontPage XP, along with a fresh
install of IIS 5.1 on XP Pro.
Using FrontPage to access a website locally set up
and configured inside of IIS 5.1, performing the following
to connect to the site:
1) Open Web...
2) Typing in: http://www.website.name/
3) Clicking on Publish Web...
4) Typing in: http://localhost/copy
It published just fine. Everything looked swell.
I then opened http://localhost/copy with FrontPage in the
following manner
1) Open Web...
2) Typed in: http://localhost/copy
I then clicked on:
1) Tools
2) Server
3) Permissions...
On the Settings tab (this part doesn't seem to really
matter I don't think), I clicked on:
* Use unique permissions for this web.
Then I went to the next tab, Groups, and noticed:
Everyone was listed as a group there.
I clicked on Remove and waited a moment while
FrontPage removed the permissions.
FINE! ALL is well.
Then I tested the web out by typing into the address
bar of the browser:
http://localhost/copy
It didn't quite seem right. Something was messed up.
I won't get into that part though, because the real bug
is when:
I tried to put the Everyone group back into the Everyone
tab. After all, I had permission to delete the group. I
surely must have permission to recreate it. I am the
administrator and I am logged in as the administrator.
:-O
Ugh oh. BUG!!!
"Server error: Getting the list of domains failed."
Nice user friendly thing. After all I am not currently
connected to a domain and it didn't need a list of
domains to delete Everyone.
In the next dialog in the Add side I could type in the
Everyone group there and it added just fine. When
I did that the permissions that were granted only
included the List permission and nothing else.
Now that is the bug.
I have a question about setting up permissions through
IIS, which probably should be asked in IIS so thus the
crossposting.
Should the Everyone group be used if the web is only
for internal network configuration? And if it is not
used, what kind of security issues might be present?
If the thing becomes available only to logged in users,
someone can brute force hack the password? What
stops that and how do you stop such attacks? I am
currently under the thoughts that the XP firewall is
stopping such attacks.
Thanks to all that can help,
Jim
A fresh install of XP SP2 and associated updates,
and a fresh install of FrontPage XP, along with a fresh
install of IIS 5.1 on XP Pro.
Using FrontPage to access a website locally set up
and configured inside of IIS 5.1, performing the following
to connect to the site:
1) Open Web...
2) Typing in: http://www.website.name/
3) Clicking on Publish Web...
4) Typing in: http://localhost/copy
It published just fine. Everything looked swell.
I then opened http://localhost/copy with FrontPage in the
following manner
1) Open Web...
2) Typed in: http://localhost/copy
I then clicked on:
1) Tools
2) Server
3) Permissions...
On the Settings tab (this part doesn't seem to really
matter I don't think), I clicked on:
* Use unique permissions for this web.
Then I went to the next tab, Groups, and noticed:
Everyone was listed as a group there.
I clicked on Remove and waited a moment while
FrontPage removed the permissions.
FINE! ALL is well.
Then I tested the web out by typing into the address
bar of the browser:
http://localhost/copy
It didn't quite seem right. Something was messed up.
I won't get into that part though, because the real bug
is when:
I tried to put the Everyone group back into the Everyone
tab. After all, I had permission to delete the group. I
surely must have permission to recreate it. I am the
administrator and I am logged in as the administrator.
:-O
Ugh oh. BUG!!!
"Server error: Getting the list of domains failed."
Nice user friendly thing. After all I am not currently
connected to a domain and it didn't need a list of
domains to delete Everyone.
In the next dialog in the Add side I could type in the
Everyone group there and it added just fine. When
I did that the permissions that were granted only
included the List permission and nothing else.
Now that is the bug.
I have a question about setting up permissions through
IIS, which probably should be asked in IIS so thus the
crossposting.
Should the Everyone group be used if the web is only
for internal network configuration? And if it is not
used, what kind of security issues might be present?
If the thing becomes available only to logged in users,
someone can brute force hack the password? What
stops that and how do you stop such attacks? I am
currently under the thoughts that the XP firewall is
stopping such attacks.
Thanks to all that can help,
Jim