FrontPage 2003 webdav and ssl

[al]

Has anyone yet noticed that webdav over ssl is broken in the FrontPage 2003
Client? Has anybody successfully connected to a webdav server with https://
and FrontPage 2003? I get the same results both from Apache 1.3 and IIS 6:
some kinda bogus sharepoint error.

the Webdav Client in Network places works.

I guess I can no longer laugh at Dreamweaver or Golive for not having SSL
support since my favorite web publishing tool is a loser too.

Thanks for the emphasis on security FrontPage Client Dept. Looks like you
and the extensions group failed to get that trustworthy computing memo.

Do you really think I'm going to bother to use all the cool features if I
have no security? Think again nitwits.

al

 

[John Jansen \(MSFT\)]

I typically don't like to reply to mails when they make me defensive or mad,
but for this one I will.

You are absolutely correct, and I'm sorry you are experiencing pain from
this issue.

We are looking into fixing this for the first Service Pack.

I have not tried this, but it is possible that Web Dav will work if you
specify the port instead of https. Again, I'm not sure and I have not
tested it, but you may want to try it.

 

[John Jansen \(MSFT\)]

It looks like my last response isn't going to come through, sending it
again.

I normally don't like to respond to mail that sounds so angry, because I may
get defensive and not be very objective in my response, but in this case I
think you deserve a response, so here it is.

You are absolutely right that WebDAV does not work against a server running
SSL. I'm sorry for the pain you are feeling because of this issue. The
fact of the matter is that this issue was found very very late and the risk
of making this work was too great (we would have had to delay shipping all
of Office in order to guarantee that it was tested and didn't cause other
issues deeper in the code).

I talked to a couple of people about this, and while we can never promise
when an issue will be fixed, there are several of us here pushing to get if
into the first Service Pack. I know this doesn't help your pain right now,
and I do not know when that will be coming out (even if it does contain a
fix for this), but I wanted to let you know that this is a known issue.

 

[al]

John,

Awsome, thanks for the reply. It totally helps to know this is a known
issue. Such candor is not what I am usually met with so my flame was
pre-emptive and I appologize.

I used to be frustrated that MSFT doesn't believe that users will pay for
security and trade them for features, but now I'm starting to believe that
users obviously don't seem to give much of a damn. Increasingly I have been
finding security bugs and then noticing little or no reports by users in the
groups. I just don't understand how the users of a product that probably has
a very large distribution don't notice or care about security problems,
expecially since this is a tool used to publish to shared/hosted servers.

So while I love MSFT and its products I sure wish that on issues of security
Microsoft would be not driven by user request.

I have also noticed that when it comes to FrontPage and IIS It is frequently
the case that features that affect security are not included until Betas are
done. This makes it really hard to catch and fix don't you think? (I don't
remember if this was the case in this instance...)

BTW http://www.yourserver.com:443 doesn't work either.

al

 

[Jim Cheshire]

Al,

You'll have a hard time convincing an educated person that Microsoft isn't
focused on security. Just look at the amount of time that elapses between
the time a security problem is encountered and the time that Microsoft
releases a fix. Compare that to the last major security hole encountered in
Linux. It was months before a fix was released for the kernel.

In order to get the real picture, people should do some research.
Unfortunately, it's hard to get the straight beef because so much news is
slanted against Microsoft and many of the flaws found in Linux are not
widely reported. Even though the latest security hole I mentioned
previously allowed elevation of priviledges to the root level, it was not
reported by must computer-industry publications. A similar issue in Windows
would be flaunted all over all of them.

You do the math.

--
Jim Cheshire
Jimco Add-ins
http://www.jimcoaddins.com
===================================
Co-author of Special Edition
Using Microsoft FrontPage 2003
Order it today!
http://sefp2003.frontpagelink.com

 

[Thomas A. Rowe]

It is rare that someone would have to use SSL mode when uploading site
content to a web server in the normal course of business.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================

 

[al]

Jim,

I guess you are unfamiliar with the year long failure to address the 2002
Extensions use of NETWORK and INTERACTIVE permissions that made secure
shared hosting frontpage extended webs impossible?

This was addressed in IIS 6 after a long year of denial and silence in the
FrontPage Groups.

al

 

[al]

Need I say more?

al

It is rare that someone would have to use SSL mode when uploading site
content to a web server in the normal course of business.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================


case contain

 

[Thomas A. Rowe]

No, but my response, indicates why this is not a major concern/issue.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================

 

[Jim Cheshire]

I am well aware of that issue and its remedy.

--
Jim Cheshire
Jimco Add-ins
http://www.jimcoaddins.com
===================================
Co-author of Special Edition
Using Microsoft FrontPage 2003
Order it today!
http://sefp2003.frontpagelink.com