What about handling FP extensions?

Hi Jack,

We are not at all enthusiastic about supporting FrontPage extensions for a number of reasons. The most important two being that it is historically a source of security problems and the maintenance history has been spotty (i.e. it is quite frequently impossible to build against the latest Apache version for several weeks or months until a new FP extensions release is made, so if we take responsibility for FP extensions, we're taking on a problem that is well outside of our control). That said, if customers want it, we'll support it. That's the beauty of a commercial product...we have to do what paying customers say we should do.

What parts of FP extensions are you using? There are alternatives that are standards-based, secure, and work seamlessly with FrontPage, for some of the features of FP extensions. It just depends on what you're after, as to whether the extensions are a headache you really need to take on.

I too would like to see support for FP Extensions (actually I wouldn't, but my customers would). We currently run Sun Cobalt RaQ's that support them and we have many customers that use them. Also, Cpanel and others offer FP support.

I must concur..

I have quite a few customers that use frontpage..

I really havent had any problems with the latest extensions from RTR..

The question remains:

What parts of FrontPage Extensions are being used? I will start work on supporting them, regardless of the answer, but there are much better options that work seamlessly with FrontPage for most of the functions of the extensions. I'd like to provide those better options, even if we start offering FP Extensions (with big flashing warnings about the problems with FP Extensions).

For example, if your customers are only using the "publish" option, this can already be achieved just as effectively with DAV (which we support already, but not necessarily in a way targetted to use with FrontPage--I will document this and provide a video tutorial on use of this this weekend, so this aspect is no longer mysterious). DAV is historically more secure, does not break SuExec (which FP Extensions do), and won't be EOL'ed in 2006 (as it appears FP Extensions will be). As far as I know this is primarily what people mean when they say they want FrontPage Extensions. And when I say seamlessly, I mean this can be just as easily configured by your users as the current publish feature, using the standard configuration options. Nothing fancy or out of the ordinary at all. I'm really not talking about retraining your users--I know that is not an option.

The live webpage stuff in FrontPage is horrible and horribly limited, but slightly more difficult to replace than the Publish function. But I bet we could come with some way around it that would look the same to the end user. If you've got users using them, let me know what bits are in use, and I'll see what I can do.

As I've mentioned, I will do what customers want, but I feel downright guilty about including them because there are so many major problems with using FP Extensions. Supporting them or not isn't a technical issue--it's relatively easy to add support. But it opens up a whole slew of questionable security practices, for what seems like a single useful feature. But I'm willing to be wrong about what the useful features of FP Extensions are.

Most of my clients that use Frontpage are simply using it because it's "easy" to create and publish pages. A few of them might use it to add a counter to their page or maybe a form that sends an email.

I may prefer using the DAV method instead. I'm not familiar with it, but would like to learn more about it. If the FP Extensions are being EOL'd and it opens up more security risks then I'm willing to drop FP support when I start migrating my users. There's not much sense in me trying to get support for a feature that's going to die off soon anyways.

I personally hate fp extensions. hehe.

BUT, I have clients who use the web bots for contact forms, page stats, etc.

It is a huge selling point for many hosting clients. Mostly for the masses who aren't interested in paying someone to design a site... they buy front page... and build a site like they would in word... and FP lets them do "advanced" things that otherwise would take a cgi script of sorts.

For example, if your customers are only using the "publish" option, this can already be achieved just as effectively with DAV (which we support already, but not necessarily in a way targetted to use with FrontPage--I will document this and provide a video tutorial on use of this this weekend, so this aspect is no longer mysterious).

I'd never HEARD of Dav till Joe told me ( must go look for this tutorial)

DAV is historically more secure, does not break SuExec (which FP Extensions do), and won't be EOL'ed in 2006 (as it appears FP Extensions will be). I'm really not talking about retraining your users--I know that is not an option.

I've been breaking users out of the nasty habit for years. I'm security paranoid. I simply tell them WHY NOT. In a nutshell: anyone that offers them is definitely not security conscious! We protect you and us!
THEN I give them a *free* easy-2-use replacement.

Cheers!

Personally, I could not care less about FP extensions. I have a really easy solution for users that 'require' them:

- I recommend they use a different web developer
- I ask them what EXACTLY they need to do with them (for the most part, they 'require' them because their brother's third cousin's dog walker ("who is a PC wizard") said they needed them)
- I advise them of the issues with FP (including that they will be EOL'd next year)
- I suggest more standards based solutions.
- then I tell them that I simply won't support FP extensions. Period.

Usually, they then leave to seek out another host, and I have one less problem to deal with.

Half of these folks then eventually return after a few months, because the very problems I told them about happened.

Either way, most of the people I host are on Macs, so by design, I eliminated the problem of FP extensions.

Just have the will to say 'no', for your own benefit.

Harry

Harald,

Turning away a large portion of idiots simply because they want to use FP is not good business.

To be competative FP needs to be included as an option. By default we don't have to install the extensions on each account. But for those who require them, the option is important.