FreeBSD Port: frontpage-5.0.2.2623_1

[Scot Hetzel]

> So clarify for me again why this is better?
> 
> It seems that adding the submitted patches (4 months old now?) to the
> improved mod_frontpage would be better than trying to back-hack these
> things into the rtr version of the module.  Improved mod_frontpage has
> other significant significant security enhancements as well.
> 
The mod_frontpage*-rtr ports work on both apache 1.3 and 2.0.  But
Improved mod_frontpage only works on apache  1.3.  And it looks as
thou a version for Apache 2.0 of the Improved mod_frontpage is not
going to be developed.

http://sourceforge.net/forum/forum.php?thread_id=757575&forum_id=160311

I only added the options so that users who were using the Improved
mod_frontpage port and switched to Apache 2.0 and mod_frontpage2-rtr
port would have the same ability to control the use of the Frontpage
extensions on their servers.

The one difference that I know of between these two mod_frontpage
ports, is that Improved mod_frontpage checks to see if we have been
authenticated for the ADMIN and ADMINCGI urls.  When I added these
checks to the RTR version (change FrontPageAlias to FrontPageNeedAuth
for the ADMIN and ADMINCGI checks in the mod_frontpage.c patches), the
mod_frontpage module was checking for authentication before the Apache
2.0 server requested authentication.

Without using the FrontPageNeedAuth check in the RTR mod_frontpage
module, I could only administrate, or author a FrontPage enabled web
site, sub web, or access admin pages after entering my authentication
information.

What other significant security enhancements does Improved mod_frontpage have?

Scot