Microsoft KB Archive/190757

{| The information in this article applies to:
 * width="100%"|
 * Microsoft Visual InterDev, version 6.0

SYMPTOMS
Any user that is authenticated for authoring against a source controlled FrontPage or Visual InterDev Web application is allowed to disconnect the source control system from that Web application. The source control database's user list is not consulted to make sure that the user should be allowed to perform that operation.

CAUSE
Each FrontPage Web contains a copy of Author.dll. All source control operations performed on that Web will go through this DLL. Therefore, anyone who has rights to Check In files will have the necessary rights for changing the Web's source control status.

RESOLUTION
Both Visual InterDev and FrontPage have a Web Permissions dialog box that allows administrators to change who is allowed authoring rights to the Web. Follow these steps to do this in Visual InterDev:


 * 1) Select Web Permissions from the Project menu's Web Project submenu.
 * 2) On the Settings tab, make sure that your Web application is set to use unique permissions. You will need to Apply that change before you will be allowed to switch to any of the other tabs.
 * 3) On the Users and Groups tabs, remove the Author permissions from anyone that you don't want authoring against your Web.

STATUS
Microsoft is researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

MORE INFORMATION
Your source control database is not aware of your master Web application. Rather, the FrontPage Server Extensions emulate source control users when performing source control operations. Thus, when you disconnect your Web from source control, you are really just telling the Server Extensions to stop passing information to the database. This operation will not change anything within the database, so it is not necessary for the user to be a member of the source control database's user list.

If your Web server is using an unsecured file system like FAT or FAT32, there will not be any way to specify which users have rights to Author.dll. In this situation, your Web site cannot be secured against any authors.

Steps to Reproduce Behavior
There are a number of scenarios where this can be seen. Here's one of the simpler ones:


 * 1) Open a source controlled Web in Visual InterDev or FrontPage.
 * 2) Open your source control database's user list and remove your username.
 * 3) Back in your Web authoring tool, attempt to disconnect your Web project from source control.

The operation will succeed.
 * }

-

Last reviewed: August 5, 1998

© 1998 Microsoft Corporation. All rights reserved. Terms of Use.