Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: open
Daftly I assumed the _private folder was not browsable, but the _private folder Frontpage creates & displays lies within HTDOC so is browsable by all & sundry. Looking via FTP I can see there is HTDOC, LOGFILES & PRIVATE (the one I should publish, say, form results to).
Question is - how do you publish to it when you cant see it?
Also, does deselecting "Allow files to be browsed" on the properties tab of the defualt _private work just as well?
Thanks in advance
Also, I'm not sure if I was clear, but Frontpage does not seem to allow me to "see" above the HTDOCS folder - i.e. I cant "see" the directory in which HTDOCS, PRIVATE & LOGFILES reside using Frontpage. Is that normal using Frontpage, or does it look as if I have an access problem with my ISP?
You do say, though, that _private is "secure by default". Do you know if that is the same security as that invoked by de-selecting "Allow files to be browsed" on thats folder's properties tab, or is there some other access rights that need setting?
About the _private folder...
When FrontPage creates the _private folder, it limits browse access to FrontPage authors and administrators only. It grants write access to the files in this folder so that the FrontPage Server Extensions can create and update the results file. However, IIS servers are unable to grant write access to a file without also granting read access.
In reference to the other folders you are referring to, if you've got the "show hidden folders" selected, you should be able to see everything that is available to you in the www directory. The other two folders you reference sit above the www directory and you typically would not have access to them nor would you need to. In the 11 years I've worked with FrontPage (VTI), I've never had to go above the root and into those folders. I wouldn't want to! ;)
[edited by: pageoneresults at 2:56 pm (utc) on Dec. 13, 2006]
If so, by de-selecting "allow files to be browsed" have I "fixed" that hole, so to speak, or do I need to think about encrypting any contents of _private?