FP2000: Configuration Settings to Assist in Securing Database Information on a Web Server (232645)
The information in this article applies to:
This article was previously published under Q232645 SUMMARY
FrontPage 2000 provides any authorized FrontPage author with rich database authoring capabilities. Webmasters providing FrontPage web space to multiple individuals or organizations will want to review methods of securing database information to ensure that all access to data on the web server is authorized.
In addition to these configuration settings, when FrontPage creates a database in the current web, it does so in a folder that is marked non-browsable, thereby prohibiting browsers from downloading entire databases.
MORE INFORMATION
The ListSystemDSNs and NoMarkScriptable configuration settings are made in the registry of the computer that hosts the FrontPage webs. They can be set either globally (for the whole computer) or on a per-virtual-server basis. Global settings are placed within the following registry key:
HKLM/Software/Microsoft/Shared Tools/Web Server Extensions/All Ports
while per-vserver settings are placed within the following key:
HKLM/Software/Microsoft/Shared Tools/Web Server Extensions/Ports/Port xxxx
ListSystemDSNs
If the ListSystemDSNs value is set to 0, FrontPage users are not allowed to view the list of System DSNs on the web server. This setting defaults to true ( do list system DSNs). Keep in mind that an author still needs to know the user name and password for any secured system DSN in order to use it.
ListSystemDSNs (string) = "0" or "1"
NoMarkScriptable
This setting can be used by a webmaster to turn off the ability for customers to remotely change the "scriptable" attribute on a folder. If webmasters turn on this setting and do not give the customers any directories that are marked "scriptable" to begin with, then FrontPage database features and other ASP-based pages will not work on that Web server. Can be set to 0 or 1. Default value is 0 if not set.
NoMarkScriptable (string) = "0" or "1"
vti_nomarkscriptable
This setting is set in a web's metadata, not in the registry. It cannot be set remotely by a FrontPage client. It can only be set on the server by editing the _vti_pvt/service.cnf file for a web. The possible settings are:
vti_nomarkscriptable:BX|0
-or-
vti_nomarkscriptable:BX|1
This setting works the same as the NoMarkScriptable setting. NOTE: If NoMarkScriptable is 1 for a server, but vti_nomarkscriptable is set to 0 for a web on that server, then the remote client can mark directories as being "scriptable". This allows webmasters to disallow scripting for all webs on a server but then selectively re-enable scripting for specific webs.
Modification Type: | Major | Last Reviewed: | 7/27/2001 |
---|
Keywords: | kbinfo KB232645 |
---|
|