List of UNIX Configuration File Settings

- Configuring Server Extensions Parameters
- Default Server Extensions Parameters
- Other Security-related Server Extensions Parameters
- Additional Server Extension Configuration Parameters
- Parameters That Can Also Be Set in the FrontPage Explorer

Configuring Server Extensions Parameters

Some features of the FrontPage 98 Server Extensions can be configured by setting server parameters in the Server Extensions configuration file. On multi-hosted systems, the file is named '<hostname>:port.cnf' where <hostname> is the fully qualified domain name of the server. On a single-host system, the Server Extensions configuration file is named weXXXX.cnf where XXXX refers to the web server's port number. This file is stored in the /usr/local/frontpage directory by default and can be edited by the server administrator if changes are necessary. The syntax for configuration parameters is parameter:value.

Default Server Extensions Parameters

The FrontPage 98 Server Extensions install with the following parameters set as indicated. This default configuration maximizes the host server's security.

NoExecutableCgiUpload

Initial value after installation: Non-zero.

A non-zero value for this parameter prevents the FrontPage 98 Server Extensions from setting the execute bit on any CGI scripts that the customer uploads to the web content area using FrontPage. On inspecting the CGI script, the web presence provider can manually set the execute permission, if desired. Changing this parameter value to zero instructs the Server Extensions to automatically set the execute bit on CGI scripts uploaded to the customer's cgi-bin directory.

NoServerFilePipeTo

Initial value after installation: Non-zero.

A non-zero value for this parameter prevents the default (Save Results), Registration, and Discussion FrontPage form handling components from piping their output to any program. To let customers pipe output to a specific list of executables, the parameter ServerFilePipeToAllows should be set instead, and NoServerFilePipeTo should be set to zero. The list of executables specified by ServerFilePipeToAllows is ignored if NoServerFilePipeTo is set to a non-zero value.

NoAbsoluteFileResults

Initial value after installation: Non-zero.

A non-zero value for this parameter forces the default (Save Results), Registration, and Discussion FrontPage form handling components to write only to a file within the customer's web content area. It prevents these FrontPage Components from writing to an absolute file path.

NoServerFileResults

Initial value after installation: Non-zero.

A non-zero value for this parameter prevents the default (Save Results), Registration, and Discussion FrontPage form handling components from writing to the _vti_log directory in the customer's document root. (Setting the NoServerFileResults parameter to zero can be useful to allow customers to save the output generated from the Save Results, Registration, and Discussion FrontPage Components to the _vti_log directory in the server's root web.) As a security measure, the author.log file in the _vti_log directory records all authoring actions on the web when the Logging parameter is set (see below). The non-zero value for NoServerFileResults prevents an author from "covering his tracks" by overwriting or modifying the author.log file.

Other Security-related Server Extensions Parameters

The following web configuration parameters are not included in the default installation of the FrontPage 98 Server Extensions, but can be added by editing the Server Extensions configuration file. When set as indicated below, these options can increase the overall security of FrontPage.

ComplexPasswords

A non-zero value for this parameter forces FrontPage to require that all FrontPage passwords be a minimum of eight characters, including at least one non-alphanumeric character. Also, when this parameter is set, the password cannot be a sub-string of the username.

Logging

A non-zero value for this parameter causes all authoring operations to be logged to the file author.log in the _vti_log directory of the customer's document root.
Each operation is recorded with the current time, remote host, author's user name, web name, operation performed, and the per-operation data. In the event of a security breach, this log file can be analyzed for authoring activity on the customer's web. Default value = 0.

ServerFilePipeToAllows

A space-separated list of programs to which the default (Save Results), Registration, and Discussion FrontPage form handling components can pipe their output. At installation time, the FrontPage 98 Server Extensions set the NoServerFilePipeTo parameter (see above) to a non-zero value so that these FrontPage Components cannot pipe their output to any program. Setting NoServerFilePipeTo to zero and then setting ServerFilePipeToAllows to a list of programs provides additional flexibility for piping output from the FrontPage Components.

Additional Server Extension Configuration Parameters

These Server Extension configuration parameters do not have an effect on the security of FrontPage, but are relevant to concerns that a Web presence provider may have.

TextMemory

Setting this parameter to zero turns off full-text indexing of the web. A non-zero value allows you to specify the number of megabytes of RAM to use during text indexing for hash-tables and other data structures.

ReformatHtml

Setting this parameter to Y or a non-zero value will cause the FrontPage 98 Server Extensions to reformat all HTML pages when they are uploaded to the web server. Setting a zero value for this parameter causes only pages with FrontPage Components to be reformatted. Default = N

UpperCaseTags

A non-zero value for this parameter causes all HTML tags to be converted to uppercase when the FrontPage 98 Server Extensions reformat HTML pages. Default = 0

PreserveTagCase

When set to "Y" or a non-zero value, this parameter attempts to preserve the case of HTML tag attributes when the FrontPage 98 Server Extensions reformat HTML pages.
Note that the tag itself will always be upper- or lower-case according to the UpperCaseTags attribute. Defaults to 0.

MaxAliases

This integer value limits the maximum number of aliases for the NCSA server. The default is no maximum for NCSA. (This does not affect Apache servers.) This presumes that the NCSA server has been recompiled with a higher limit on the number of aliases. If this is not set, an error may occur after the fifth sub-web you create.

AccessControl

When this parameter is set to zero, FrontPage AccessControl is completely disabled. In general this is not recommended. Turning off AccessControl requires that the access control on the _vti_bin directories be set manually whenever a sub-web is created. Until this is done, anyone can author against the web. The advantage of turning off AccessControl is that a knowledgeable webmaster who has set custom access control permissions will not have that work rewritten by FrontPage. Setting AccessControl to zero also causes the FrontPage Explorer to disable the Permissions command on its Tools menu. Default = 1.

SMTPHost

This parameter is set to the name or IP address of a host running an SMTP daemon, such as sendmail on UNIX. When a user submits a form whose results are to be sent via Email, the FrontPage Server Extensions connect to the SMTP daemon to deliver the mail. By default FrontPage assumes the daemon is listening on port 25 (the standard for SMTP) but you can override this by appending ":xx" to the name, where xx is the port to use. Normally you will set either SMTPHost or SendmailCommand, but not both, because SendmailCommand takes priority over SMTPHost.

Examples:

    SMTPHost:mail.example.microsoft.com
    SMTPHost:test:10000
    SMTPHost:127.0.0.1

MailSender

This parameter sets the user name to use as the "from" account when sending Email. Specifically, it is used as the argument to the "SEND FROM:" command in SMTP. The default for SMTP is "user@host", where "user" is the current user account and "host" is the current host name.

SendMailCommand

This parameter sets the name of a program to which Email should be piped. Typically this will be sendmail, but it could be any program. Before invoking the command, all occurrences of "%r" are replaced with the recipient of the mail. The percent sign character followed by any other character is replaced by that character.

Example:

    SendmailCommand:/usr/lib/sendmail %r

MailCharSet

This parameter can be used to override the character set attribute of the content-type header.

MailEncoding

This parameter can be used to override the content transfer encoding attribute of the content-type header.

CacheMaxDocMeta

This integer parameter sets the maximum number of documents in the cache. The default value is 512.

CacheMaxInclude

This integer parameter sets the size (in MB) of the include file cache. The default value is 16.

CacheMaxImage

This integer parameter sets the size (in MB) of the image file cache. The default value is 16.

Locale

The locale of a program determines such things as how dates and times are formatted, and the collating order of strings. The Server Extensions set their locale from their environment, but some UNIX http servers strip out the environment in CGI scripts. If locale is set, the Server Extensions call the operating system routine setlocale with that value as the second parameter and LC_ALL as the first parameter. The following example changes the locale to German:

    locale:de

Parameters That Can Also Be Set in the FrontPage Explorer

The following parameters can be set in the FrontPage Explorer under the Tools menu's Web Settings command in the Advanced tab. Using these parameters will set the defaults for the web; however, these settings will not be updated in the FrontPage Explorer's user interface.

NoClientImageMaps

When this parameter is set to 1, it prevents FrontPage from generating HTML that supports client-side image map processing.
By default, FrontPage can generate both client-side and server-side HTML by not setting this parameter and by selecting a server-side ImageMapFormat.

ImageMapFormat

This parameter sets the server image-map style. Valid parameters include: FrontPage, NCSA, CERN, Netscape, or <None>. If you select <None>, FrontPage will not generate HTML to support server-side image map processing.

ImageMapURLPrefix

This parameter sets the server-relative URL of the server-side handler for the selected image-map style. If style (ImageMapFormat) is "FrontPage," server-side image maps are handled automatically. For other styles, provide the name and location of a handler.

ScriptLanguage

This parameter sets the scripting language for the scripts that are automatically generated to enforce any data validation settings you apply to form fields. Valid parameters include VBScript, JavaScript, or None.
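
The security-related settings described above can be checked mechanically against a configuration file. The following Python audit is an added example, not part of the original documentation or of the Server Extensions. The sample configuration is constructed, and two points are assumptions: parameter names are matched case-insensitively, and only "0" or an empty value counts as zero.

```python
# Added example: audit a .cnf file against this page's security settings. SAMPLE_CNF is constructed.
SAMPLE_CNF = """\
NoExecutableCgiUpload:1
NoServerFilePipeTo:0
ServerFilePipeToAllows:/usr/lib/sendmail /usr/local/bin/formlog
NoAbsoluteFileResults:1
NoServerFileResults:0
AccessControl:0
SMTPHost:test:10000
"""

# Parameters the page lists as non-zero after installation.
INSTALL_NONZERO = ("NoExecutableCgiUpload", "NoServerFilePipeTo",
                   "NoAbsoluteFileResults", "NoServerFileResults")

def parse_cnf(text):
    """Parse parameter:value lines, splitting on the first colon only,
    because values such as SMTPHost:test:10000 contain colons."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and name:
            params[name.lower()] = value.strip()  # assumption: names are case-insensitive
    return params

def nonzero(params, name, default="0"):
    # Assumption: only "0" or an empty value counts as zero.
    return params.get(name.lower(), default) not in ("", "0")

def audit(text):
    p, findings = parse_cnf(text), []
    for name in INSTALL_NONZERO:
        if not nonzero(p, name):
            findings.append(f"{name} is zero or unset (install value is non-zero)")
    allows = p.get("serverfilepipetoallows", "").split()
    if allows and nonzero(p, "NoServerFilePipeTo"):
        findings.append("ServerFilePipeToAllows is ignored while NoServerFilePipeTo is non-zero")
    elif allows:
        findings.append("form handlers may pipe output to: " + ", ".join(allows))
    if not nonzero(p, "AccessControl", default="1"):
        findings.append("AccessControl is 0: _vti_bin access control must be set manually")
    if not nonzero(p, "Logging"):
        findings.append("Logging is off: authoring operations are not recorded in author.log")
    if not nonzero(p, "ComplexPasswords"):
        findings.append("ComplexPasswords is off")
    return findings

for finding in audit(SAMPLE_CNF):
    print("-", finding)
```

Run against the constructed sample, the audit reports six findings; a file that keeps the four install-time values and adds Logging and ComplexPasswords reports none.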