Message-Id: <199606060035.TAA02115@sierra.zyzzyva.com>
To: new-httpd@hyperreal.com
Subject: Re: MS FrontPage Caveats Note 
In-reply-to: rst's message of Wed, 05 Jun 1996 20:26:10 -0400.
         <199606060026.UAA11410@volterra.ai.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 05 Jun 1996 19:35:33 -0500
From: Randy Terbush <randy@zyzzyva.com>
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

>   The bottomline though is that I am going to have to pull this
>   FrontPage thing onto my system, like it or not. I've got to find
>   a way to sleep at night after doing so.
> 
> Thoughts:
> 
> 1) The FrontPage docs you sent said that it doesn't absolutely *have*
>    to have privilege to send a SIGHUP to the server.  (Why on *earth*?)
>    If your users don't need the features that supports, that could make
>    life a bit easier.

I don't yet know. This one seems that it can be worked around.

> 2) Likewise, it might help to try to find out whether they really *need*
>    to upload CGI scripts.  (Yowch!)

Not only can they upload CGI, they can even direct them to a pipe!
Regardless, this functionality is not desired on my part. The people
that will be getting the most use out of it on our system cannot run
CGI programs.  The FrontPage CGI will be configured only to allow
them to retreive, edit and save their pages from remote. I need to
make sure it is *their* pages they are editing and saving.

> 3) Beyond that, I can only recommend frequent backups, installation and
>    use of something like tripwire (we don't use it here --- the irony is that
>    the MIT AI lab is wide open, and most of the paranoia that has been
>    coming across in the past few days has been acquired as the experience
>    of a repeat victim), and --- if it calms you any --- prayer.
> 
> rst

Personally, I'm into chanting...