httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j...@digitalssg.net
Subject Re: [users@httpd] Apache has FrontPage Server Installation
Date Wed, 17 Sep 2003 11:23:09 GMT
Taking not only the moral or client side repercussions under
consideration, there are also the considerations of managing FrontPage
extentions for Apache under UNIX.

We have an Apache environment serving over 20K websites on one Linux
box. One major challenge has been securing (which is near impossible)
Front Page extensions, and also managing them.

Just getting them to work with vhost_alias is a real trick, which
envoles setting up *phatom* config file for Front Page just to get them
to work.
On the same token is the Disk Space required for the cgi programs which
must reside in ther users home directory. They are aproximatly 4MB total
in size per Document Root, which with 20K sites, adds up to aprox. 80Gb
of disk space. You cannot use Smylinks either, since Front Page requires
that the CGI's be owned by the user and setuid the user. 
A simple solution for this is to build C wrappers (so you can chown and 
setuid them to the user) which point to a central location where the
real Front Page binaries are.

All this just means that it is very expensive to support these, not only
in time and harware, but in opening up security vulnerabilties to your
system.



On Wed, Sep 17, 2003 at 07:09:23AM -0400, Bill Moran wrote:
> David wrote:
> >Hello !
> >
> >Many thanks for your insightful elaboration to move away from FrontPage
> >as a web development tool. 
> >
> >Frontpage is easy to understand and easy to use. I do enjoy the use of
> >FrontPage for its ease of use and most importantly to me, I find it very
> >easy to understand the software ( the use of it, that is). It is
> >intended as a statement of opinion ; but not expressly represent a
> >statement of fact or information about FP's capability in their HTML
> >generation. Anyway, thanks for the tip and write-up on FP's html
> >generation, will keep that in mind when I look at their HTML codes.
> >
> >Having said that, I next wonder if there is a need to use these web
> >developers at all, since most of you seem to purport the idea of
> >hand-coding instead of web "IDEs". I am pretty new to web development
> >still. What approach should a web hobbyist take when developing his
> >site? When should he hand-code the pages, when should he use web
> >development softwares like DreamWeaver ( considering most of you are
> >already ? 
> 
> The biggest problem I know of (with ALL graphical web design tools) is
> that not all browsers display a particular page the same.  This is less
> of a problem than it was a few years ago, but still a concern.  The
> upshot being that _any_ graphical design tool is geared toward a single
> browser, and other browsers will probably display the page slightly
> different.
> 
> With this in mind, I use nedit (an excellent all-purpose text editor
> for Unix-like systems) and manually create the HTML, while viewing
> the results of my work in Mozilla.  Since I work in FreeBSD, I have
> to move to a different computer to see how it looks in IE - if you're
> using Windows you can run both IE and Mozilla/Netscape at the same
> time.  Also, I've found Crimson Editor to be a good text editor for
> Windows.  While it's not my favorite, Bluefish seems to be very
> popular as an editor for people who only do HTML: it has quick
> buttons that automate things such as creating tables and embedding
> images.
> 
> I have Apache installed on my workstation, so I can view the result
> of my work easily, prior to uploading to my hosting provider.
> 
> I use PHP and CSS extensively, as it makes it extremely easy to
> maintian a consistent look/feel across an entire set of pages.  These
> would probably be considered advanced techniques, though.
> 
> Every site I've done for the past 6 years has been done with basically
> this same technique.  Unfortunately, some of the best are on the Bank
> One Intranet, and thus not accessible by the public.
> 
> Hope this helps.
> 
> >-----Original Message-----
> >From: Leif W [mailto:warp-9.9@usa.net] 
> >Sent: Wednesday, September 17, 2003 5:14 AM
> >To: users@httpd.apache.org
> >Subject: Re: [users@httpd] Apache has FrontPage Server Installation ?
> >
> >My $0.02.
> >
> >----- Original Message ----- 
> >From: "David" <amdawong@starhub.net.sg>
> >To: <users@httpd.apache.org>
> >Sent: Tuesday, September 16, 2003 12:55 PM
> >Subject: RE: [users@httpd] Apache has FrontPage Server Installation ?
> >
> >
> >
> >>Dear Bill,
> >>
> >>Perhaps you are right. However, you have to agree to a certain extent 
> >>that FrontPage is really a good starting point for most amateur web 
> >>hobbyist. I am one. Frontpage is easy to understand and easy to use.
> >
> >
> >By this excuse or reasoning, any GUI program may be a good starting
> >point, to generate some code, and then look at the code.  But why not
> >use something like DreamWeaver?  Anyways, by choosing FP, it's maybe an
> >easy place for you to start, but IMHO it's like a crutch which easily
> >turns into a ball and chain, keeping you from learning anything of
> >substance, like CGI programming for simple forms processing using Perl
> >or PHP.  And by the way, I leanred HTML code by viewing source on web
> >pages, copying sections, pasting into emacs (later in vi, NotePad or
> >TextPad or UltraEdit when in win-land). Basic theme: a plain-text editor
> >is ALL YOU NEED, and in fact should be REQUIRED to learn HTML properly.
> >You'll make mistakes and LEARN from them.
> >:-)
> >
> >All these "server extensions" are doing is stuff you can handle with
> >Perl or PHP (or shell script or TCL or Python or Java or C or C++), and
> >you don't need them.  Even if you want to develop in Front Page
> >initially (yikes! it makes SCARY code), the best technique is by
> >tweaking the code, looking in the browser and taking note of what
> >changed.  You can "rip the guts" out of the HTML FORM, and just change
> >the NAME attributes and the ACTION and METHOD attributes, and point it
> >to your own script.  It's fairly easy once you get the hang of it.  You
> >could look for tutorial sites from Google.  I could even write a VERY
> >SIMPLE example (off list) and show you, as a place to get started.
> >
> >
> >>More of a concern to me is that security of web servers running 
> >>frontpage server extensions. I understand from previous discussions
> >
> >that
> >
> >>Apache by far is one of the most reliable web servers around.
> >>
> >>I would like to know if installing IIS ( which is required if I want
> >
> >to
> >
> >>use FrontPage Server Extensions,FPSE) and subsequently installing FPSE
> >
> >
> >>will affect the security of my server - specifically more susceptible
> >
> >to
> >
> >>hacker attacks ?
> >
> >
> >If security is your major concern then I can't think you'd spend any
> >time considering IIS.  You'd probably be infected within a week and
> >spewing out attacks on other computers, not to mention probably root
> >compromised within a few months.  Unless you're planning to stay awake
> >night and day, update all those hotfixes as soon as they come out, i.e.
> >LONG BEFORE they find themselves on the windows update page, if you can
> >deal with security holes that go for months unfixed, and can do without
> >the excellent Apache Users support of a mailing list and accompanying
> >archives and online documentation and community, then by all means go
> >over to IIS.
> >
> >Leif
> >
> >
> >>Many thanks for your time and attention.
> >>
> >>Warmest Regards
> >>David
> >>
> >>-----Original Message-----
> >>From: Bill Moran [mailto:wmoran@potentialtech.com]
> >>Sent: Wednesday, September 17, 2003 12:07 AM
> >>To: users@httpd.apache.org
> >>Subject: Re: [users@httpd] Apache has FrontPage Server Installation ?
> >>
> >>David wrote:
> >>
> >>>Hi guys,
> >>>
> >>>Recently I created a forum website running on my Apache HTTP Server.
> >>>
> >>>All was well and fine I designed and implemented the website on my 
> >>>computer. When I mount it on the apache server and do a test run, 
> >>>problems occur.
> >>>
> >>>"
> >>>1. FrontPage Run-Time Component Page
> >>>You have submitted a form or followed a link to a page that requires
> >
> >a
> >
> >>>web server and the FrontPage Server Extensions to function properly.
> >
> >
> >>>This form or other FrontPage component will work correctly if you 
> >>>publish this web to a web server that has the FrontPage Server 
> >>>Extensions installed. 1.1 Click the <Back> arrow to return to the 
> >>>previous page. "
> >>>
> >>>Any idea how can I go round this problem ?
> >>
> >>2 choices (if you want to continue using Apache):
> >>
> >>1. Use something other than Fronpage to build your web page 
> >>(recommended,
> >>   since Frontpage creates web pages that are standards-broken
> >
> >anyway)
> >
> >>2. Install one of the Frontpage modules to Apache.  There are two that
> >>   I'm aware of, there may be more.  A search on google will be very
> >>   helpful.
> >>
> >>The third choice would be abandon Apache and use Microsoft IIS, but I 
> >>wouldn't wish that on my worst enemy.
> 
> 
> -- 
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message