Configuring Support for Database Integration with a Web Site
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
With Microsoft's SharePoint™ Team Services or Microsoft® FrontPage 2002 Server Extensions, Web authors can integrate a database with their Web site to incorporate live data into their Web pages. The database used for this feature is separate from any database already used by your Web server to support collaboration features such as Web document discussions or document libraries.
Web authors can incorporate data from any open database connectivity (ODBC)compliant database. The database can reside either on the Web server or on a remote database server. The SharePoint Team Services-compatible Web page editor, Microsoft FrontPage® 2002, provides drivers for:
Tab- or comma-delimited text files
Microsoft Excel spreadsheets
Microsoft Access files
the Microsoft Visual FoxPro® database development system
Inprise dBASE files
Corel Paradox files
Drivers for server-based databases include those for Microsoft SQL Server™ and Oracle.
All database connection information is stored in a file called Global.asa on the Web author's computer. If the database resides outside the author's FrontPage-based Web site, a data source name (DSN) is also required to connect to the database.
Using SharePoint Team Services or FrontPage Server Extensions, you can ensure that only users with administrative or authoring privileges for a Web site will be able to gain access to databases in that Web site.
The recommended location for file-based databases is in the fpdb folder in the FrontPage-based Web site. With SharePoint Team Services or FrontPage Server Extensions installed on the Web server, FrontPage automatically marks this folder as not browsable, scriptable, or executable. By default, when a new database is created, a Microsoft Access database is placed in the fpdb folder. When Web authors import an existing database to a Web site, the fpdb folder is created, if it does not already exist, and the file is uploaded to the fpdb folder or to a folder specified by the user. If the user chooses not to use the fpdb folder, the file is placed at the root of the Web site.
If the user places the database in a folder other than fpdb, the Component Errors report in FrontPage 2002 recommends moving the database to the fpdb folder for security reasons.
No additional database security is provided, beyond the security settings that already exist within the database. If a Web author creates a database, he or she must also configure the access restrictions within the database application and apply them to the database file. If access restrictions are not set within the database, a user with authoring or administrative rights to the Web site might be able to access and change the contents of the database.
If you are administering a SharePoint team Web site or FrontPage-based Web site, you can take the following steps to make databases in users' Web sites more secure:
In FrontPage 2002, in Reports view, check to see if any databases should be moved to the fpdb folder, and move them.
Use the database's built-in security mechanisms to restrict who can update the database content.
Check to see what database privileges are available to the account that Web authors are using. Generally, accounts should not need privileges beyond SELECT and UPDATE, which are used by FrontPage.
Setting configuration properties to support database features
SharePoint Team Services and FrontPage Server Extensions use several properties that you can set to configure how your Web server supports database features for a Web site. Because FrontPage's database integration relies on Active Server Pages (ASP pages), Web authors must be able to save ASP pages to the server. The configuration properties that affect database support are AllowExecutableScripts, ListSystemDSNs, NoExecutableCGIUpload, and NoMarkScriptable.
Note For a complete list of the properties you can set from the command line, see Command-line Properties.
When AllowExecutableScripts is turned on, Web site authors can execute programs and scripts, such as CGI scripts, ISAPI extensions, and ASP pages. However, for security reasons AllowExecutableScripts is turned off by default when you first install SharePoint Team Services. You must set AllowExecutableScripts to a non-zero value, either globally or for each virtual server where you want to allow Web authors to run scripts.
FrontPage 2002 lets Web authors list all the data source names (DSNs) on a server. This is a potential security hole because it exposes a list of resources. In addition, it is unlikely that the DSNs are password protected, because until SharePoint Team Services or FrontPage Server Extensions were installed on the server, the DSNs were not accessible from a Web page.
You can hide system DSNs by turning the ListSystemDSNs configuration property off, either globally or for each virtual server. This setting defaults to true when you first install SharePoint Team Services or FrontPage Server Extensions.
When NoExecutableCGIUpload is turned on, Web authors cannot upload files to folders whose scriptable (or executable) bit is set. NoExecutableCGIUpload is turned on by default when you install SharePoint Team Services or FrontPage Server Extensions, which means that Web authors cannot upload ASP pages to servers, such as Internet Information Services 3.0, that do not have separate scriptable or executable bits. You can turn the NoExecutableCGIUpload configuration property off, either globally or for each virtual server where you want to allow Web authors to be able to upload executable files.
When you install SharePoint Team Services or FrontPage Server Extensions, NoMarkScriptable property is turned off, which means that Web authors can change the "scriptable" attribute on a folder from FrontPage 2002. If you turn NoMarkScriptable on, either globally or for virtual servers, you must provide some scriptable folders for Web authors to be able to use the FrontPage database features and other ASP-based pages.
You can also turn NoMarkScriptable on or off for subwebs on a server. If you want to selectively turn database support on for customers who want it, but disallow database support for all other customers, you would turn off the NoMarkScriptable configuration property for the server, but turn it on for selected Web sites.
For more information about how to configure SharePoint Team Services by using properties, see Setting Configuration Properties.