Sorry. I don't see a possibility of making FPSE available on IIS 7.0. MSFT was going to drop FPSE completely on IIS 7.0 but later on decide to port FPSE 2002 to work on IIS 7.0 WITHOUT any improvement on the extension. Rumor is that MSFT is going to outsource Frontpage extension development (or maybe sell it) to another development component. The main reason why we don't want to support FPSE on IIS 7 is because FPSE is a really old technology and it has a million bugs. FTP & HTTP upload should have pretty much the same performance. In most cases, we find that FTP is much faster than HTTP. As for the un-encrypted password, you can use FTP over SSL with IIS 7.0. See our KB for further instruction.
Is there any chance we could get the FrontPage extensions for IIS7 installed on the servers? Using ftp from here (Germany) is killing me - it takes about four or five minutes to open my server in VS2008, and it doesn't do this as a background process. Every compile is taking about three times as long as the previous server. If nothing else, the passwords for our logins are being transmitted in plain text over the internet and I would like to aviod that too. Microsoft and RTR have more information on the extensions for IIS7 here : http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1630
F.Y.I. - The IIS team is running a seriescalled: Life After FPSE: http://blogs.iis.net/robert_mcmurray/archive/2008/04/23/life-after-fpse-part-2.aspx
Thanks for the assistance on this Bruce, I appreciate the reasons for dropping FPSE now. Your faq doesn't mention how I can use Visual Studio securely however, and I have not yet been successful at connecting securely. Do you perhaps have WebDav enabled on the servers, or know of a way I can explicity connect with VS2008? As for the speed issue - this may also be tied into the latest patch of VS2008, which was supposed to increase the build speed, but may be background caching files it thinks are necessary for building which results in a longer load time. Kind Regards, Dave White
We are still testing webDav. IIS7 FTP support FTP over SSL but VS.NET doesn't support it yet. If you are really concerned about security, you may want to use a FTP client that support FTP over SSL like Filezilla (freeware). Bruce DiscountASP.NET www.DiscountASP.NET
Is there any update on how the testing of WebDav is working? Can we expect the functionality to be released soon? If its still in testing, can I help with that testing? (Located in Germany, server in UK etc) ? --Dave
We do not have the exact timeline yet. I'll post back here when webDav is ready to go. Bruce DiscountASP.NET www.DiscountASP.NET
I dont want FPSE either, but when using ftp, it would seem that the author's username and password are sent in clear text, therby creating a huge security nightmare. is there a secure way to publish, withou the use of FPSE?
iis7 supports FTP over SSL see http://kb.discountasp.net/article.aspx?id=10570 Bruce DiscountASP.NET www.DiscountASP.NET
I still think that's a kind of a cop-out answer Bruce. On a Microsoft server using asp.net, my chosen build environment is Visual Studio. Visual Studio does not support secure FTP connections. The only methods of connecting are WebDav and ftp (and FPSE of course). FTP is increbibly slow when you are connecting to a different country, and completely insecure. So my question is this. It has been six months since you said WebDav was in "testing". What has happened in that time, and are you getting close to release?
Hi Dave, You of course raise some good points about security but if you don't mind I'd like to chat about it. Microsoft does provide us with a warning in VS FTP dialogs that it is not secure. This is true. Ifwe use the Copy Website feature in VS we never need FPE. Sure we have an unsecure gap in our transfer but is there really a risk? I won't argue it's possible, not at all, just that it for the most part is unlikely. Wrong? Just chatting... Mark Wisecarver
we put web dav on hold for a little bit because 1) Lack of demand 2) it requires us to update our control panel to enable this feature. 3) Other priorities like SQL 2008. We'll look into this again in Q4. Thanks. Bruce DiscountASP.NET www.DiscountASP.NET
Thanks for the answer Bruce, I appreciate it. Perhaps in future it would be possible to publish a page somewhere with a list of what you are and aren't working on, with regards to specific features that have been requested / discussed on the boards? Mark, of course I don't mind if we talk about it - I'm looking for solutions, not necessarily the "right" way of doing it. While your solution would work, it requires that I have a local copy of my site that I can work on, or a dev server at home. While I can and do in fact have both, it doesn't really suit me with this domain to do it this way. Forget that its not good coding practice to work on a live site - this is simply my method of working on this site. I'm not trying to break the rules, nor do anything strange. This is simply how the application (VS2008) works, and was designed to work. Bruce, I hope you don't think I'm being a pain in the ass either - its just that I have spent a very long time looking for a host as good as you guys are and I simply want to maximise my experience. Cheers, Dave
No problem.. we take customer suggestions very seriously. However, due to resource limitation, we can only work on so many projects at the same time and we have to prioritize them based on customer demand as well as business demand. Bruce DiscountASP.NET www.DiscountASP.NET
Hello, I have been trying to acces my site via FTPES ? FTP over explicit TLS/SSL, as recommended by your Q10577 - INFO: How to set up FileZilla to use FTP over SSL article. I can not seem to get this to work. I can ftp normally, but I need a more secure option. Is WebDav still on hold? Here is the log from my filezilla client. I put the asterisks in for the sake of posting, I can give the actual info in a private msg, if anyone think it necessary. Status: Resolving address of ftp.******.com Status: Connecting to **.**.***.*:21... Status: Connection established, waiting for welcome message... Response: 220-Microsoft FTP Service Response: 220 DiscountASP.net FTP Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER 000****|********* Status: TLS/SSL connection established. Response: 550 No such host is known. Error: Could not connect to server Status: Waiting to retry... Thanks! alpinfish
You probably used the wrong username. Check the account info page in the control panel, you should be able to find the FTP user there. The username should be in this format [CustomID]|[control panel login] Bruce DiscountASP.NET www.DiscountASP.NET
Since we're talking about security, I'll just throw something else out there. The fact is, very, very few compromises are made these days by sniffing network packets. It's not an efficient way to steal information. It's much easier to drop a keylogger onto 10,000 computers and have the logs emailed to yourself every day,then parse them with a simple script to look for logins. Or send phishing spam that claims to be from a bank, or many other methods that I'm sure most of you have heard about. In ye olden dayes, before traffic on most networks was measure in gigabits, sniffing was the preferred method of getting your information, but those days are long gone. The horsepower required to parse the traffic in real time is way beyond the reach of the typical bad guy. And again, they have found much more efficient and fruitful ways of stealing information. Is it possible for someone to target you specifically and monitor your network traffic? Sure. But you have to ask yourself if it is probable. What is much more likely is that someone will gain your information by tapping in to your local computer, in which case a secure connection is meaningless. And in the event that they did get onto your computer, you can be pretty sure that they are not looking for FTP logins. They are looking for logins with some dollar signs attached; banks, credit cards, PayPal, etc. Not saying any of this in relation to (or in defense of) anything we are working on here, it's just a general comment. -- Dave White, we are in the process of launching a blog, and it may contain some of what you're looking for. Updates on what we're working on around here, what the plans are, etc. We hope to strike a balance between valuable technical information and a bit of behind the scenes, get-to-know-us kind of stuff. Good blogs require a lot of care and feeding (and a little luck), but we're going to give it a shot. Stay tuned for more info as it progresses.
