|Frontpage + root HTDOC folder|
Query on how to view above HTDOC with Frontpage
| 3:49 pm on Dec 12, 2006 (gmt 0)|
Please forgive my ignorance, but when I publish with Frontpage 2003, I cant work / see above the HTDOC folder via the remote site view.
Daftly I assumed the _private folder was not browsable, but the _private folder Frontpage creates & displays lies within HTDOC so is browsable by all & sundry. Looking via FTP I can see there is HTDOC, LOGFILES & PRIVATE (the one I should publish, say, form results to).
Question is - how do you publish to it when you cant see it?
Also, does deselecting "Allow files to be browsed" on the properties tab of the defualt _private work just as well?
Thanks in advance
| 4:36 pm on Dec 12, 2006 (gmt 0)|
Within FrontPage, go to...
Tools > Site Settings > Advanced > Show hidden files and folders
The _private folder is secure by default. If you are browsing to those files, it is probably because you are logged in.
If not, then have your host assist you with getting everything in order.
| 2:26 pm on Dec 13, 2006 (gmt 0)|
Thanks for the reply, but that option was actually already selected. You do say, though, that _private is "secure by default". Do you know if that is the same security as that invoked by de-selecting "Allow files to be browsed" on thats folder's properties tab, or is there some other access rights that need setting?
Also, I'm not sure if I was clear, but Frontpage does not seem to allow me to "see" above the HTDOCS folder - i.e. I cant "see" the directory in which HTDOCS, PRIVATE & LOGFILES reside using Frontpage. Is that normal using Frontpage, or does it look as if I have an access problem with my ISP?
| 2:45 pm on Dec 13, 2006 (gmt 0)|
|You do say, though, that _private is "secure by default". Do you know if that is the same security as that invoked by de-selecting "Allow files to be browsed" on thats folder's properties tab, or is there some other access rights that need setting? |
About the _private folder...
|When FrontPage creates the _private folder, it limits browse access to FrontPage authors and administrators only. It grants write access to the files in this folder so that the FrontPage Server Extensions can create and update the results file. However, IIS servers are unable to grant write access to a file without also granting read access. |
In reference to the other folders you are referring to, if you've got the "show hidden folders" selected, you should be able to see everything that is available to you in the www directory. The other two folders you reference sit above the www directory and you typically would not have access to them nor would you need to. In the 11 years I've worked with FrontPage (VTI), I've never had to go above the root and into those folders. I wouldn't want to! ;)
[edited by: pageoneresults at 2:56 pm (utc) on Dec. 13, 2006]
| 2:46 pm on Dec 13, 2006 (gmt 0)|
Allowing HTTP access to any directory above the Web root creates a security problem, so I doubt that Frontpage can be configured to do it. For working above Web root, use FTP -- or SFTP (secure) if you can.
| 3:44 pm on Dec 13, 2006 (gmt 0)|
Ahh.. I think I've got it now. As you say "However, IIS servers are unable to grant write access to a file without also granting read access", that may be it regarding the public being able to view the _private directory, as I opted for hosting on a Windows server so as to be able to use Frontpage extensions. Would that make sense?
If so, by de-selecting "allow files to be browsed" have I "fixed" that hole, so to speak, or do I need to think about encrypting any contents of _private?