DOCUMENT:Q160230 08-NOV-2001 [frontpg] TITLE :FP: User Registration File Not Hidden Automatically PRODUCT :Word Front Page PROD/VER:windows:1.0,1.1,97; macintosh:1.0 OPER/SYS: KEYWORDS:kbusage kbdta ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft FrontPage 97 for Windows with Bonus Pack - Microsoft FrontPage for Windows, versions 1.0, 1.1 - Microsoft FrontPage for the Macintosh, version 1.0 ------------------------------------------------------------------------------- SYMPTOMS ======== In FrontPage, when you use the User Registration template to create a page, the WebBot Registration component is set up to save the list of registered users in a file called Regdb.txt, which is located in the same folder as the registration page itself. This location may lead to security problems if the registration page is in a browseable directory: the Regdb.txt file will be visible to anyone who has access to the registration page. Although the Regdb.txt file does not contain password information, it does contain registered user names. Although a user name without a password is not an immediate security risk, the user name is half of the information an unauthorized person would need to enter your restricted FrontPage Web. NOTE: This problem does not occur in FrontPage 98 because the Regdb.txt file is stored in the _private folder. RESOLUTION ========== To protect the confidentiality of user names, store the Regdb.txt file in the _private folder or some other hidden folder. (Only a FrontPage author or administrator can browse the _private folder.) As a further security precaution, you may also want change the name of the Regdb.txt file. Updating the Form Handler When you Move or Rename Regdb.txt ----------------------------------------------------------- Use the appropriate method for your version of FrontPage. FrontPage 97: In FrontPage 97 Explorer folder view, when you drag the Regdb.txt file to a hidden folder or when you rename it, the form handler will automatically update the information about the page. If the registration form is being set up for the first time, this setting should be changed from the form handler properties. FrontPage 1.x: Rename the Regdb.txt file to _private/regdb.txt. If you use any other method to move the file, you may need to alter the Registration WebBot settings (to do this, modify the form handler properties for the registration page). FrontPage 1.0 for the Power Macintosh: In the FrontPage Explorer folder view, when you drag the Regdb.txt file to a hidden folder or when you rename it, the form handler will automatically update the information about the page. If the registration form is being set up for the first time, this setting should be changed from the form handler properties. STATUS ====== Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article. This problem was corrected in Microsoft FrontPage 98 for Windows. Additional query words: 97 1.0 1.1 ====================================================================== Keywords : kbusage kbdta Technology : kbHWMAC kbOSMAC kbFrontPageSearch kbZNotKeyword8 kbZNotKeyword kbFrontPage1xSearch kbFrontPage97Search kbFrontPageMac kbZNotKeyword3 kbFrontPage100 kbFrontPage110 Version : windows:1.0,1.1,97; macintosh:1.0 Hardware : x86 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.