Security of Webpage
on 02.04.2006 12:21:01 by pcsmitpra
I am running a website, and found anyone can access its data via MS
FrontPage. Where is the lack, it is not asking for password while opening the
page and showing my whole directory structure. I use Internet Explorer to
check it. I have reset IIS permissions but it does not work. Thanks for reply.
Re: Security of Webpage
on 02.04.2006 12:30:27 by Ken Schaefer
What do you mean "they can open it in Frontpage"?
Do you mean that they can make changes, and save it back to the server?
Or they can just open the page for editing?
The former means you have a security misconfiguration.
The latter just means that they downloaded the HTML (same as a browser), and
they can edit it on their local machine, but if they try to save it back to
the server they'd need to supply a username/password.
Cheers
Ken
"pcsmitpra" wrote in message
news:216A17E1-F109-4326-98EC-800F4B391713@microsoft.com...
: I am running a website, and found anyone can access its data via MS
: FrontPage. Where is the lack, it is not asking for password while opening the
: page and showing my whole directory structure. I use Internet Explorer to
: check it. I have reset IIS permissions but it does not work. Thanks for reply.
Re: Security of Webpage
on 02.04.2006 12:52:01 by pcsmitpra
They can make changes and even save them to the server. Please, it's URGENT!!!
Thanks for reply.
Re: Security of Webpage
on 02.04.2006 13:14:52 by avidfan
The only thing that is 'URGENT' here is for you to turn off that machine
until you have learned enough to properly secure it. If it is exposed to
the internet you can already assume it has been compromised and might as
well plan on flattening it and starting over.
"pcsmitpra" wrote in message
news:80264A4D-8042-4725-9D69-CE71891A7D99@microsoft.com...
> They can make changes and even save them to the server. Please, it's URGENT!!!
> Thanks for reply.
Re: Security of Webpage
on 02.04.2006 14:17:29 by Ken Schaefer
What version of IIS are you using? And what version of FPSE (Frontpage
Server Extensions) do you have installed on the server?
If you have IIS 5.0 and FPSE 2000 (the version that shipped with FPSE), when
you choose to enable a website with FPSE using the IIS MMC, you are prompted
to create three security groups. If you did not create these groups (either
via the wizard, or manually) you will see the symptoms you describe.
If you did create the groups, then check the membership of the FP Authors
and Administrators groups.
Cheers
Ken
"pcsmitpra" wrote in message
news:80264A4D-8042-4725-9D69-CE71891A7D99@microsoft.com...
: They can make changes and even save them to the server. Please, it's URGENT!!!
: Thanks for reply.
Re: Security of Webpage
on 03.04.2006 13:50:03 by pcsmitpra
Thanks Ken,
I am using IIS6.0 and FP 5.0, on Win2003 server.
Re: Security of Webpage
on 03.04.2006 15:03:55 by Ken Schaefer
So, did you create the three user groups when prompted by the wizard?
Cheers
Ken
--
IIS Blog: http://www.adOpenStatic.com/cs/blogs/ken
"pcsmitpra" wrote in message
news:D0169EF6-0D69-405E-810C-B08E5EE28A8D@microsoft.com...
: Thanks Ken,
: I am using IIS6.0 and FP 5.0, on Win2003 server.
Re: Security of Webpage
on 04.04.2006 05:02:01 by pcsmitpra
I am using default user and user group, have not created any new user. The
setting for anonymous user login in IIS is checked but I used my a/c and
password there also.
Re: Security of Webpage
on 04.04.2006 07:31:30 by Ken Schaefer
Please re-read what I wrote.
When you right-click the website in IIS Manager, and choose to configure
Frontpage Server Extensions 2000, the wizard asks you whether you want to
create three local groups. You have to have the wizard create those groups
(or you need to create them manually).
If you didn't create those groups, then you will see the symptoms you
describe (anyone can edit any of your webpages).
Please read the FPSE 2000 security documentation, where this is all
explained.
Cheers
Ken
--
IIS Blog: http://www.adOpenStatic.com/cs/blogs/ken
"pcsmitpra" wrote in message
news:269F3A23-5644-4532-AC2C-497045895549@microsoft.com...
:
: I am using default user and user group, have not created any new user. The
: setting for anonymous user login in IIS is checked but I used my a/c and
: password there also.