|
| |
|
|
Wage Slave
Posts: 24
From: None
Status: offline
 |
FrontPage and .NET - Security Issues - 3/5/2004 16:03:27
Our original FrontPage server hosting sites on the company intranet is running NT4 with FP2000 extensions. We configured it to block sites from running executables because of reports that you could take over the server if you could upload and run cmd.exe in your site.
We're about to build a new FrontPage server running Windows 2000 with FP2002 extensions and have had some requests to install .NET framework 1.1 on the same server. What are the security issues? Is .NET use compatible with a no-executables setting for FrontPage?
Wage Slave
|
|
|
|
Richard Dudley
Posts: 668
Joined: 8/22/2002
From: Butler, PA
Status: offline
|
RE: FrontPage and .NET - Security Issues - 3/5/2004 22:04:16
.NET is entirely compatible with no executables setting. .NET pages are filtered by an ISAPI filter, just as classic ASP is. THey use two different filters, so it's not a good idea to mix classic ASP and .NET in the same website--you'll run into session problems (it can be done, but it's probably more worthwhile to rewrite anything existing if you need to use it in a .NET site).
Microsoft has some great resources on installing .NET. Your server will have both .NET and FPSEs, but chances are, an individual website probably won't use both. There is some information regarding using the FPSEs with .NET, mainly for publishing the webs.
You cannot use FP web bots with a .NET site.
Microsoft's Patterns and Practices library has some great resources on .NET development and security:
http://www.microsoft.com/resources/practices/Audiences.asp
_____________________________
I need to change my avatar--the puppy is full grown now!
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
