FreeBSD Port: frontpage-

Joe Rhett jrhett at
Fri Apr 29 22:26:24 PDT 2005

On Fri, Apr 22, 2005 at 03:30:06PM -0500, Scot Hetzel wrote:
> The one difference that I know of between these two mod_frontpage
> ports, is that Improved mod_frontpage checks to see if we have been
> authenticated for the ADMIN and ADMINCGI urls.  When I added these
> checks to the RTR version (change FrontPageAlias to FrontPageNeedAuth
> for the ADMIN and ADMINCGI checks in the mod_frontpage.c patches), the
> mod_frontpage module was checking for authentication before the Apache
> 2.0 server requested authentication.
Actually, it's asking for authentication for things that apache doesn't ask
for authentication on.  This was broken by pathname changes in the
rtr-compiled versions of frontpage.  See my patches regarding this.

> What other significant security enhancements does Improved mod_frontpage have?
improved mod_frontpage has all of the security checks that are applied to
CGIs.  Last time I saw the rtr frontpage module, it was fairly easy to make
it run things it shouldn't have if someone left directory permissions too

I haven't compared them side by side in a while, and perhaps I should do
that before speaking further.

Joe Rhett
senior geek

More information about the freebsd-ports mailing list