            List of UNIX Configuration File Settings

List of UNIX Configuration File Settings

Configuring Server Extensions Parameters

Default Server Extensions Parameters

  * NoExecutableCgiUpload
  * NoServerFilePipeTo
  * NoAbsoluteFileResults
  * NoServerFileResults

Other Security-related Server Extensions Parameters

  * ComplexPasswords
  * Logging
  * ServerFilePipeToAllows

Additional Server Extension Configuration Parameters

  * TextMemory
  * ReformatHtml
  * UpperCaseTags
  * PreserveTagCase
  * MaxAliases
  * AccessControl
  * SMTPHost
  * MailSender
  * SendMailCommand
  * MailCharSet
  * MailEncoding
  * CacheMaxDocMeta
  * CacheMaxInclude
  * CacheMaxImage
  * Locale

Parameters That Can Also Be Set in the FrontPage Explorer

  * NoClientImageMaps
  * ImageMapFormat
  * ImageMapURLPrefix
  * ScriptLanguage

Configuring Server Extensions Parameters

Some features of the FrontPage 98 Server Extensions can be
configured by setting server parameters in the Server Extensions
configuration file. On multi-hosted systems, the file is named
'<hostname>:port.cnf' where <hostname> is the fully qualified
domain name of the server. On a single-host system, the Server
Extensions configuration file is named weXXXX.cnf where XXXX
refers to the web server's port number. This file is stored in
the /usr/local/frontpage directory by default and can be edited
by the server administrator if changes are necessary. The syntax
for configuration parameters is parameter:value.

Default Server Extensions Parameters

The FrontPage 98 Server Extensions install with the following
parameters set as indicated. This default configuration
maximizes the host server's security.

NoExecutableCgiUpload

Initial value after installation: Non-zero. A non-zero value for
this parameter prevents the FrontPage 98 Server Extensions from
setting the execute bit on any CGI scripts that the customer
uploads to the web content area using FrontPage. On inspecting
the CGI script, the web presence provider can manually set the
execute permission, if desired. Changing this parameter value to
zero instructs the Server Extensions to automatically set the
execute bit on CGI scripts uploaded to the customer's cgi-bin
directory.

NoServerFilePipeTo

Initial value after installation: Non-zero. A non-zero value for
this parameter prevents the default (Save Results),
Registration, and Discussion FrontPage form handling components
from piping their output to any program. To let customers pipe
output to a specific list of executables, the parameter
ServerFilePipeToAllows should be set instead, and
NoServerFilePipeTo should be set to zero. The list of
executables specified by ServerFilePipeToAllows is ignored if
NoServerFilePipeTo is set to a non-zero value.

NoAbsoluteFileResults

Initial value after installation: Non-zero. A non-zero value for
this parameter forces the default (Save Results), Registration,
and Discussion FrontPage form handling components to write only
to a file within the customer's web content area. It prevents
these FrontPage Components from writing to an absolute file path.

NoServerFileResults

Initial value after installation: Non-zero. A non-zero value for
this parameter prevents the default (Save Results),
Registration, and Discussion FrontPage form handling components
from writing to the _vti_log directory in the customer's
document root (Setting the NoServerFileResults parameter to zero
can be useful to allow customers to save the output generated
from the Save Results, Registration, and Discussion FrontPage
Components to the _vti_log directory in the server's root web).
As a security measure, the author.log file in the _vti_log
directory records all authoring actions on the web when the
Logging parameter is set (see below). The non-zero value for
NoServerFileResults prevents an author from "covering his
tracks" by overwriting or modifying the author.log file.

Other Security-related Server Extensions Parameters

The following web configuration parameters are not included in
the default installation of the FrontPage 98 Server Extensions,
but can be added by editing the Server Extensions configuration
file. When set as indicated below, these options can increase
the overall security of FrontPage.

ComplexPasswords

A non-zero value for this parameter forces FrontPage to require
all FrontPage passwords be a minimum of eight characters,
including at least one non-alphanumeric character. Also, when
this parameter is set, the password cannot be a sub-string of
the username.

Logging

A non-zero value for this parameter causes all authoring
operations to be logged to the file author.log in the _vti_log
directory of the customer's document root. Each operation is
recorded with the current time, remote host, author's user name,
web name, operation performed, and the per-operation data. In
the event of a security breach, this log file can be analyzed
for authoring activity on the customer's web. Default value = 0.

ServerFilePipeToAllows

A space-separated list of programs to which the default (Save
Results), Registration, and Discussion FrontPage form handling
components can pipe their output. At installation time, the
FrontPage 98 Server Extensions set the NoServerFilePipeTo
parameter (see above) to a non-zero value so that these
FrontPage Components cannot pipe their output to any program.
Setting NoServerFilePipeTo to zero and then setting
ServerFilePipeToAllows to a list of programs provides additional
flexibility for piping output from the FrontPage Components.

Additional Server Extension Configuration Parameters

These Server Extension configuration parameters do not have an
effect on the security of FrontPage, but are relevant to
concerns that a Web presence provider may have.

TextMemory

Setting this parameter to zero turns off full-text indexing of
the web. A non-zero value allows you to specify the number of
megabytes of RAM to use during text indexing for hash-tables and
other data structures.

ReformatHtml

Setting this parameter to Y or a non-zero value will cause the
FrontPage 98 Server Extensions to reformat all HTML pages when
they are uploaded to the web server. Setting a zero value for
this parameter causes only pages with FrontPage Components to be
reformatted. Default = N

UpperCaseTags

A non-zero value for this parameter causes all HTML tags to be
converted to uppercase when the FrontPage 98 Server Extensions
reformat HTML pages. Default = 0

PreserveTagCase

When set to "Y" or a non-zero value, attempts to preserve the
case of HTML tag attributes when the FrontPage 98 Server
Extensions reformats HTML pages. Note that the tag itself will
always be upper- or lower-case according to the UpperCaseTags
attribute. Defaults to 0.

MaxAliases

This integer value limits the maximum number of aliases for NCSA
server. The default is no maximum for NCSA. (This does not
affect Apache servers.) This presumes that the NCSA server has
been recompiled with a higher limit on the number of aliases. If
this is not set, an error may occur after the fifth sub-web you
create.

AccessControl

When this parameter is set to zero, FrontPage AccessControl is
completely disabled. In general this is not recommended. Turning
off AccessControl requires that the access control on the
_vti_bin directories be set manually whenever a sub-web is
created. Until this is done, anyone can author against the web.
The advantage to AccessControl is that a knowledgeable webmaster
who has set custom access control permissions will not have work
re-written by FrontPage. This also causes the FrontPage Explorer
to disable the Permissions command on the FrontPage Explorer's
Tools menu. Default = 1.

SMTPHost

This parameter is set to the name or IP address of a host
running an SMTP daemon, such as sendmail on UNIX. When a user
submits a form whose results are to be sent via Email, the
FrontPage Server Extensions connect to the SMTP daemon to
deliver the mail. By default FrontPage assumes the daemon is
listening on port 25 (the standard for SMTP) but you can
override this by appending ":xx" to the name, where the xx is
the port to use. Normally you will set either SMTPHost or
SendmailCommand, but not both, because SendmailCommand takes
priority over SMTPHost. Examples:

SMTPHost:mail.example.microsoft.com

SMTPHost:test:10000

SMTPHost:127.0.0.1

MailSender

This parameter sets the user name to use as the "from" account
when sending Email. Specifically, it is used as the argument to
the "SEND FROM:" command in SMTP. The default for SMTP is
"user@host", where "user" is the current user account and "host"
is the current host name.

SendMailCommand

This parameter sets the name of a program to which Email should
be piped. Typically this will be sendmail, but it could be any
program. Before invoking the command, all occurrences of "%r"
are replaced with the recipient of the mail. The per cent sign
character followed by any other character is replaced by that
character. Example:

SendmailCommand:/usr/lib/sendmail %r

MailCharSet

This parameter can be used to override the character set
attribute of the content-type header.

MailEncoding

This parameter can be used to override the content transfer
encoding attribute of the content-type header.

CacheMaxDocMeta

This integer parameter sets the maximum number of documents in
the cache. The default value is 512 .

CacheMaxInclude

This integer parameter sets the size (in MB) of the include file
cache. The default value is 16.

CacheMaxImage

This integer parameter sets the size (in MB) of the image file
cache. The default value is 16.

Locale

The locale of a program determines such things as how dates and
times are formatted, and the collating order of strings. The
Server Extensions set their locale from their environment but
some UNIX http servers strip out the environment in CGI scripts.
If locale is set, the Server Extensions call the operating
system routine setlocale with that value as the second parameter
and LC_ALL as the first parameter. The following example changes
the locale to German:

locale:de

Parameters That Can Also Be Set in the FrontPage Explorer

The following parameters can be set in the FrontPage Explorer
under the Tools menu's Web Settings command in the  Advanced
tab. Using these parameters will set the defaults for the web,
however these settings will not be updated in the FrontPage
Explorer's user interface.

NoClientImageMaps

When this parameter is set to 1, it prevents FrontPage from
generating HTML that supports client-side image map processing.
By default, FrontPage can generate both client-side and
server-side HTML by not setting this parameter and by selecting
a server-side ImageMapFormat.

ImageMapFormat

This parameter sets the server image-map style. Valid parameters
include: FrontPage, NCSA, CERN, Netscape, or <None>. If you
select <None>, FrontPage will not generate HTML to support
server-side image map processing.

ImageMapURLPrefix

This parameter sets the server-relative URL of the server-side
handler for the selected image-map style. If style
(ImageMapFormat) is "FrontPage," server-side image maps are
handled automatically. For other styles, provide the name and
location of a handler.

ScriptLanguage

This parameter sets the scripting language for the scripts that
are automatically generated to enforce any data validation
settings you apply to form fields. Valid parameters include
VBScript, JavaScript, or None.

