FP98: Form Results Not Secure in _Private Folder on IIS Server (194239)
The information in this article applies to:
- Microsoft FrontPage 98 for Windows
This article was previously published under Q194239 For a Microsoft FrontPage 97 version of this article, see 183047.
SYMPTOMS
FrontPage stores results of the Save Results Form Handler in the _private
folder. If you are using Microsoft Internet Information Server (IIS), the
contents of this folder are available for anyone to view. Anyone can access
the results in this folder by opening a page from this folder in a Web
browser.
CAUSE
When FrontPage creates the _private folder, it limits browse access to
FrontPage authors and administrators only. It grants write access to the
files in this folder so that the FrontPage Server Extensions can create and
update the results file. However, IIS servers are unable to grant write
access to a file without also granting read access.
RESOLUTION
To resolve this problem, follow these steps:
- Open your Web in FrontPage Explorer.
- Right-click the _private folder and click Properties on the menu that
appears.
- In the _private Properties dialog box, click to clear each check box.
- Click OK.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. MORE INFORMATION
This behavior is specific to IIS servers only. This behavior does not
occur on the UNIX platform or with other Web servers running on Windows NT.
When you remove browse access on a folder, the server no longer allows
access to the folder via HTTP. It does not alter the NTFS permissions of
the folder. The FrontPage Server Extensions still have full access to the
folder and the files in it. And, you will still be able to view and edit
files in the _private folder using FrontPage.
| Modification Type: | Major | Last Reviewed: | 10/3/2001 |
|---|
| Keywords: | kbbug KB194239 |
|---|
|