FP2000: Configuration Settings to Assist in Securing Database Information on a Web Server

Article translations Article translations
Article ID: 232645 - View products that this article applies to.
This article was previously published under Q232645
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SUMMARY

FrontPage 2000 provides any authorized FrontPage author with rich database authoring capabilities. Webmasters providing FrontPage web space to multiple individuals or organizations will want to review methods of securing database information to ensure that all access to data on the web server is authorized.

In addition to these configuration settings, when FrontPage creates a database in the current web, it does so in a folder that is marked non-browsable, thereby prohibiting browsers from downloading entire databases.

MORE INFORMATION

The ListSystemDSNs and NoMarkScriptable configuration settings are made in the registry of the computer that hosts the FrontPage webs. They can be set either globally (for the whole computer) or on a per-virtual-server basis. Global settings are placed within the following registry key:
HKLM/Software/Microsoft/Shared Tools/Web Server Extensions/All Ports
				
while per-vserver settings are placed within the following key:
HKLM/Software/Microsoft/Shared Tools/Web Server Extensions/Ports/Port xxxx
				

ListSystemDSNs

If the ListSystemDSNs value is set to 0, FrontPage users are not allowed to view the list of System DSNs on the web server. This setting defaults to true (do list system DSNs). Keep in mind that an author still needs to know the user name and password for any secured system DSN in order to use it.
ListSystemDSNs (string) = "0" or "1"
				

NoMarkScriptable

This setting can be used by a webmaster to turn off the ability for customers to remotely change the "scriptable" attribute on a folder. If webmasters turn on this setting and do not give the customers any directories that are marked "scriptable" to begin with, then FrontPage database features and other ASP-based pages will not work on that Web server. Can be set to 0 or 1. Default value is 0 if not set.
NoMarkScriptable (string) = "0" or "1"
				

vti_nomarkscriptable

This setting is set in a web's metadata, not in the registry. It cannot be set remotely by a FrontPage client. It can only be set on the server by editing the _vti_pvt/service.cnf file for a web. The possible settings are:
vti_nomarkscriptable:BX|0
				
-or-

vti_nomarkscriptable:BX|1
				
This setting works the same as the NoMarkScriptable setting. NOTE: If NoMarkScriptable is 1 for a server, but vti_nomarkscriptable is set to 0 for a web on that server, then the remote client can mark directories as being "scriptable". This allows webmasters to disallow scripting for all webs on a server but then selectively re-enable scripting for specific webs.

REFERENCES

Further information about configuration settings for servers running FrontPage Server Extensions can be found in the appendixes of the Server Extensions Resource Kit at

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
324096 Request to SmartHTML Interpreter may monopolize Web server CPU resources
.

Properties

Article ID: 232645 - Last Review: October 21, 2013 - Revision: 1.1
APPLIES TO
  • Microsoft FrontPage 2000 Standard Edition
Keywords: 
kbnosurvey kbarchive kbfaq kbinfo KB232645

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com