Posted to dev@httpd.apache.org by Marc Slemko <ma...@worldgate.com> on 1997/10/16 05:00:06 UTC
more on frontpage 98 security
Microsoft has put a page up at:

    http://www.microsoft.com/frontpage/wpp/apache.htm

responding to the issue.

I find it funny that they say:

    Attn: Apache web server administrators
    Microsoft has discovered a bug with the FrontPage 98
    Server Extensions on the UNIX Apache web server. Read all
    about the details and the fix.

...of course MS discovered it. They did, but their discovery was aided a
little bit methinks. Well, they do give appropriate credit (and even a
reference to my fp security hell web page, although for some reason they
don't use the title for the name of the link... <g>) on the actual page
they posted.

Aside from being unable to copy a URL (worldgate.com != worldgate.net even
though they both work fine) their response isn't too bogus.

I find:

    The discovery came about as a result
    of Microsoft proactively providing the source code to the
    fpexe program for review by the Internet community at
    large during the beta testing period of FrontPage 98. The
    source code to the fixed version will also be available for
    review on the Microsoft FrontPage website at
    http://www.microsoft.com/frontpage/wpp/ once the fix is
    posted next week.

this funny. Proactive security is publishing the source after release to
let people find gaping holes in it that could have been found (and I did
find them) in two seconds. Funny, I had thought differently. I must be
wrong.

No response (well, not that I can blame them... because there isn't
anything they can say) to their questionable code review, or lack thereof.

Re: more on frontpage 98 security
Posted by Rob Hartill <ro...@imdb.com>.

On Wed, 15 Oct 1997, Marc Slemko wrote:

> No response (well, not that I can blame them... because there isn't
> anything they can say) to their questionable code review, or lack thereof.

It's more likely they are afraid to tell you anything for fear of
having the correspondence posted and ridiculed in public.

--
Rob Hartill Internet Movie Database (Ltd)
http://www.moviedatabase.com/ .. a site for sore eyes.