Read more about Working on the Web with Office 2000  

Beyond Permissions: Securing Your FrontPage 2000-Based Web 

Microsoft FrontPage® 2000 provides administrative tools that let you set permissions and limit access to webs that you create and edit on a Web server. When you click Security on the Tools menu and then click Permissions, you can assign groups (on Windows NT® servers), users, or computers the following types of permission:

• Browse  Users with browse permission can view the web in a browser, but they cannot modify it. You can restrict a web so that only a specified list of users is allowed to view it.
• Author  Users with author permission can view the web in a browser, and they can also create, delete, and modify files in the web.
• Administer  Users with administer permission can view the web in a browser and can create, delete, and modify files in the web, like users with author permission. They can also create and delete whole webs, and they can set permissions for the web.

In some cases, you cannot use the Security command in FrontPage. (You can enable security features by publishing your web to a Web server configured to support FrontPage security.) The command is disabled in the following circumstances:

• Your web is on a disk (such as your hard disk or a network share) rather than published on a Web server.
• Your web is on a server that does not have the FrontPage Server Extensions installed.
• Your web is published on a Microsoft Personal Web Server, because Personal Web Server does not restrict access.
• Your web is published on Microsoft Internet Information Server that uses the file allocation table (FAT) file system rather than the Windows NT file system (NTFS).
• Your Web administrator has enabled the "manage permissions manually" setting for your web.

Setting permissions gives you a degree of security for your FrontPage-based web. This article presents additional strategies you can employ to keep your web and Web server safe from malicious or careless use. You can learn more about setting permissions in FrontPage online Help. For details about how FrontPage implements security features, see the FrontPage 2000 Server Extensions Resource Kit.

Using Subwebs Strategically to Increase Security

If you want to publish a restricted web that contains sensitive data, be sure to publish it as a subweb and not as a root web. An unauthorized person who knows how information about a FrontPage-based web is stored on the Web server can find certain information - such as the version of the FrontPage server extensions, the server type, and URLs for scripts - that always exists at the root web level. Someone could potentially use this information as a starting point for intrusion. Creating secure subwebs for sensitive information puts a level of security between your data and the root web.

A feature of subwebs in FrontPage is that you can set the subweb to use permissions that are different from the parent web. If you create subwebs to store sensitive data, remember that the security of a subweb can never be greater than that of its parent web.

For example, if you create a restricted subweb under an unrestricted root web, the subweb is potentially visible to anyone who accesses the root web. Someone knowledgeable about remote procedure calls used by FrontPage could discover the folder that contains the subweb and use the folder name as a starting point for intrusion. Additionally, an intruder who knows the full URL of a page within the restricted subweb could possibly bypass the subweb's security by typing the URL in their browser.

To restrict access to a subweb, you must first restrict access to its parent web. In FrontPage, select the Only registered users have browse access option in the parent web. If your Web server is Internet Information Server running on a Windows NT server, set the parent web with the following security settings:

• For authentication methods, disable anonymous access.
  1. In the Microsoft Management Console for Internet Information Server, right-click the web, and then click Properties on the shortcut menu.
  2. On the Directory Security tab, click Edit in the Anonymous Access and Authentication Control section, and then clear the Allow Anonymous Access option.
• Make sure the Everyone group is not granted explicit access.
  1. In FrontPage, on the Groups tab of the Permissions dialog box, remove the Everyone group, and then click Apply.
  2. On the Users tab, click Everyone has browse access.
• Make sure the IUSR_computername account is not granted explicit access.
  1. In FrontPage, on the Users tab of the Permissions dialog box, remove the IUSR_computername user, and then click Apply.
  2. On the Users tab, click Everyone has browse access.

Restrict What Authors Can Do

If you administer the Web server where your FrontPage-based web is published, you can prevent Web authors from accessing certain resources that are on the server. For example, you can prevent authors from uploading malicious files to the Web server in an executable directory, where the files can be run using a browser.

To prevent authors from uploading or running unauthorized programs on a Web server, set the appropriate configuration variables for the FrontPage 2000 Server Extensions. For more information about the FrontPage Server Extensions configuration variables, see the first of the Appendixes in the FrontPage Server Extensions Resource Kit.

The following configuration variables control authors' access to scripts and executable files on a Web server. In most cases, you can restrict authors' access by leaving the setting that the FrontPage Server Extensions makes by default during installation. For example, the NoExecutableCGIUpload configuration variable is set to "on" by default.

• AllowExecutableScripts  Set to "off" (default) to prevent authors from running scripts, such as CGI scripts, ISAPI extensions, and active server pages (ASP).
• NoExecutableCGIUpload  Set to "on" (default) to prevent authors from uploading executable files.
• NoMarkScriptable  Set to "off" to prevent authors from being able to allow scripts to be run in a given folder (setting is "on" by default).

Remember that some authors may need to upload executable files or run scripts - for example, if they are incorporating a database into their FrontPage-based web, or if they are using ASP pages. You can selectively enable the ability to upload executable files and run scripts for these authors by setting the appropriate configuration variables on the virtual servers that these authors use.

In addition to the ability to upload executable files and run scripts, system data source names (DSNs) are another resource on the Web server that you should be wary of exposing to web authors. You can hide system DSNs by turning the ListSystemDSNs configuration variable off, either globally or for individual virtual servers. The default setting is "on" when you first install FrontPage Server Extensions.

Make Database Resources Secure

If your FrontPage-based web includes a database, you can take steps to ensure that no unauthorized person can gain access to the database.

• When you add a database to your FrontPage-based web, store it in the folder that FrontPage provides, _fpdb. FrontPage automatically marks this folder as not browsable, scriptable, or executable.
• Use the security mechanisms that are built into the database or database server to restrict who can update the database content. Generally, Web authors' accounts do not need privileges beyond SELECT and UPDATE, which are used by FrontPage. If access restrictions are not set within the database, anyone with authoring or administrative rights to the web might be able to access and change the content of the database.

Use Secure Sockets Layer

You can use password protection to restrict access to certain folders and data in your web. However, if the password and data are passed in clear text across a network, a third party could potentially run a network data capture (sniffer) program to capture the password or data. To ensure that no unauthorized person can intercept and interpret confidential information, use the Secure Sockets Layer (SSL) protocol for the following:

• Remote administration
• Authoring
• Browse access to any sensitive portions of the Web site

SSL is a protocol that provides communications privacy, authentication, and message integrity for a TCP/IP connection. SSL transmits passwords in an encrypted form that is unreadable by normal means. By using this protocol, a browser can communicate with the Web server in a way that prevents eavesdropping, tampering, or message forgery.

To use the SSL protocol for connections to a new web

1. In FrontPage, on the File menu, point to New, and then click Web.
2. In the New dialog box, click Secure connection required (SSL).

If you administer the Web server where the FrontPage-based web is published, and if your Web server is Internet Information Server running on a Windows NT server, you can use the Microsoft Management Console to require SSL authoring for an existing web.

To set the SSL protocol requirement for an existing web

1. In the Microsoft Management Console, right-click the web, and then click Properties on the shortcut menu.
2. On the Server Extensions tab, select the Require SSL for authoring option.

More Information

For more information about security and the FrontPage 2000 server extensions, see the Microsoft FrontPage 2000 Server Extensions Security White Paper, at the MSDN Online Web Workshop.