Microsoft KB Archive/293512

= Description of FTP and anonymous access with the server extensions installed =

Article ID: 293512

Article Last Modified on 7/6/2007

-

APPLIES TO


 * Microsoft FrontPage 2002 Server Extensions
 * Microsoft SharePoint Team Services
 * Microsoft FrontPage 2000 Server Extensions

-



This article was previously published under Q293512



SUMMARY
When you configure a Web site with the server extensions, security will be managed through the server extensions. There are several places in the Web site where the anonymous account or some groups with equally broad membership will have write access. Under normal circumstances, this is not a problem. This is because the only way to write to the site is by using FrontPage, which forces authentication before access is allowed. When you also have an FTP site configured to use the same file path and to allow anonymous access to the FTP site, the situation changes.



MORE INFORMATION
If both anonymous and write access are allowed to the FTP site, those folders to which the anonymous account has write access can be used as a storage location, without the site owner having knowledge of this. Sensitive files, such as the Global.asa file, which can contain passwords in clear text, will be exposed.

NOTE: This is not a security problem with the server extensions. They are not designed to work in this type of environment.

