FP98: Form Results Not Secure in _Private Folder on IIS ServerID: Q194239
|
FrontPage stores results of the Save Results Form Handler in the _private folder. If you are using Microsoft Internet Information Server (IIS), the contents of this folder are available for anyone to view. Anyone can access the results in this folder by opening a page from this folder in a Web browser.
When FrontPage creates the _private folder, it limits browse access to FrontPage authors and administrators only. It grants write access to the files in this folder so that the FrontPage Server Extensions can create and update the results file. However, IIS servers are unable to grant write access to a file without also granting read access.
To resolve this problem, follow these steps:
Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.
This behavior is specific to IIS servers only. This behavior does not occur on the UNIX platform or with other Web servers running on Windows NT. When you remove browse access on a folder, the server no longer allows access to the folder via HTTP. It does not alter the NTFS permissions of the folder. The FrontPage Server Extensions still have full access to the folder and the files in it. And, you will still be able to view and edit files in the _private folder using FrontPage.
Additional query words: security 98 iis save results
Keywords : fpexp fpiis fpext
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbbug
Last Reviewed: July 30, 1999