FP2000: Configuration Settings to Assist in Securing Database Information on a Web Server

ID: Q232645

The information in this article applies to:

Microsoft FrontPage 2000

SUMMARY

FrontPage 2000 provides any authorized FrontPage author with rich database authoring capabilities. Webmasters providing FrontPage web space to multiple individuals or organizations will want to review methods of securing database information to ensure that all access to data on the web server is authorized.

In addition to these configuration settings, when FrontPage creates a database in the current web, it does so in a folder that is marked non-browsable, thereby prohibiting browsers from downloading entire databases.

MORE INFORMATION

The ListSystemDSNs and NoMarkScriptable configuration settings are made in the registry of the computer that hosts the FrontPage webs. They can be set either globally (for the whole computer) or on a per-virtual-server basis. Global settings are placed within the following registry key:


HKLM/Software/Microsoft/Shared Tools/Web Server Extensions/All Ports

while per-vserver settings are placed within the following key:


HKLM/Software/Microsoft/Shared Tools/Web Server Extensions/Ports/Port xxxx

ListSystemDSNs

If the ListSystemDSNs value is set to 0, FrontPage users are not allowed to view the list of System DSNs on the web server. This setting defaults to true (do list system DSNs). Keep in mind that an author still needs to know the user name and password for any secured system DSN in order to use it.


ListSystemDSNs (string) = "0" or "1"

NoMarkScriptable

This setting can be used by a webmaster to turn off the ability for customers to remotely change the "scriptable" attribute on a folder. If webmasters turn on this setting and do not give the customers any directories that are marked "scriptable" to begin with, then FrontPage database features and other ASP-based pages will not work on that Web server. Can be set to 0 or 1. Default value is 0 if not set.


NoMarkScriptable (string) = "0" or "1"

vti_nomarkscriptable

This setting is set in a web's metadata, not in the registry. It cannot be set remotely by a FrontPage client. It can only be set on the server by editing the _vti_pvt/service.cnf file for a web. The possible settings are:


vti_nomarkscriptable:BX|0

-or-


vti_nomarkscriptable:BX|1

This setting works the same as the NoMarkScriptable setting. NOTE: If NoMarkScriptable is 1 for a server, but vti_nomarkscriptable is set to 0 for a web on that server, then the remote client can mark directories as being "scriptable". This allows webmasters to disallow scripting for all webs on a server but then selectively re-enable scripting for specific webs.

REFERENCES

Further information about configuration settings for servers running FrontPage Server Extensions can be found in the appendixes of the Server Extensions Resource Kit at

http://msdn.microsoft.com/workshop/languages/fp/.

Additional query words: front page fpfaq


Keywords          : kbdta 
Version           : WINDOWS:
Platform          : WINDOWS 
Issue type        : kbinfo

Last Reviewed: July 1, 1999