[3199] in WWW Security List Archive
RE: FrontPage -- impressions?
daemon@ATHENA.MIT.EDU (Michael Brennen)
Fri Oct 11 01:31:05 1996
Date: Thu, 10 Oct 1996 21:42:09 -0500 (CDT)
From: Michael Brennen <mbrennen@fni.com>
To: Michael Mathieu <mikemat@microsoft.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <c=US%a=_%p=msft%l=RED-86-MSG-961010192803Z-17302@mail2.microsoft.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 10 Oct 1996, Michael Mathieu wrote:
> The most up to date information can be found on
> http://www.microsoft.com/frontpage. This has a link to the Microsoft
> FrontPage Web Presence Providers Kit. Among the information there is a
> whitepaper on Unix security and CGI (FrontPage server extensions are
> just CGI apps.) That will probably answer all the questions that might
> come up. If not, there's always email...
"...just CGI apps?"
phf is "just a CGI app".
I won't install it because I don't trust it. MS has a demonstrated track
record of generally poor regard for security concerns, and absolutely no
reassurances by MS, whitepaper or otherwise, will convince me otherwise.
Your casual phrase "just CGI apps" is just one more instance of the
generally cavalier attitude that comes across from MS. Quite frankly, I
don't think MS cares about my site security except to the extent that they
think they must to get me to install the stuff.
This is not meant to be a personal flame or just another rant about MS.
This is genuinely how I feel after closely following security issues for a
couple of years.
Release the source and let it be put under scrutiny -- you might get
further toward gaining the trust of those who take security seriously.
-- Michael
