Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
FP2000: Configuration Settings to Assist in Securing Database Information on a Web Server
Article ID: 232645 - View products that this article applies to.
This article was previously published under Q232645
FrontPage 2000 provides any authorized FrontPage author with rich database authoring capabilities. Webmasters providing FrontPage web space to multiple individuals or organizations will want to review methods of securing database information to ensure that all access to data on the web server is authorized.
In addition to these configuration settings, when FrontPage creates a database in the current web, it does so in a folder that is marked non-browsable, thereby prohibiting browsers from downloading entire databases.
The ListSystemDSNs and NoMarkScriptable configuration settings are made in the registry of the computer that hosts the FrontPage webs. They can be set either globally (for the whole computer) or on a per-virtual-server basis. Global settings are placed within the following registry key:
while per-vserver settings are placed within the following key:
ListSystemDSNsIf the ListSystemDSNs value is set to 0, FrontPage users are not allowed to view the list of System DSNs on the web server. This setting defaults to true (do list system DSNs). Keep in mind that an author still needs to know the user name and password for any secured system DSN in order to use it.
NoMarkScriptableThis setting can be used by a webmaster to turn off the ability for customers to remotely change the "scriptable" attribute on a folder. If webmasters turn on this setting and do not give the customers any directories that are marked "scriptable" to begin with, then FrontPage database features and other ASP-based pages will not work on that Web server. Can be set to 0 or 1. Default value is 0 if not set.
vti_nomarkscriptableThis setting is set in a web's metadata, not in the registry. It cannot be set remotely by a FrontPage client. It can only be set on the server by editing the _vti_pvt/service.cnf file for a web. The possible settings are:
This setting works the same as the NoMarkScriptable setting. NOTE: If NoMarkScriptable is 1 for a server, but vti_nomarkscriptable is set to 0 for a web on that server, then the remote client can mark directories as being "scriptable". This allows webmasters to disallow scripting for all webs on a server but then selectively re-enable scripting for specific webs.
Further information about configuration settings for servers running FrontPage Server Extensions can be found in the appendixes of the Server Extensions Resource Kit at
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/324096/EN-US/ )Request to SmartHTML Interpreter may monopolize Web server CPU resources