To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.off-topic.geekOpen lugnet.off-topic.geek in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Off-Topic / Geek / 545
544  |  546
Subject: 
 Re: Why are SSIs bad?
Newsgroups: 
 lugnet.off-topic.geek, lugnet.publish
Date: 
 Thu, 30 Sep 1999 17:53:11 GMT
Viewed: 
 483 times
  
Sproaticus:

I use SSI (server-side includes) a *LOT* on my Web pages.  They're extremly
powerful and versatile.  I'm almost a firm believer.

But I recall some folks warning about potential security holes and other
problems with SSI.  Rooting around the Web today, I haven't been able to
find these people.  Does anyone know why SSIs are bad?  Is there something I
should know about that isn't in the Apache docs?

I am not quite sure what security problems there are with
SSI.

My main reason for (mostly) not using SSI on published web
pages is that I suspect that it means that the pages won't
be stored by proxies. Is it possible to make server-side
processed pages appear as static pages when they are served?

Play well,

Jacob

      ------------------------------------------------
      --  E-mail:        sparre@cats.nbi.dk         --
      --  Web...:  <URL:http://www.ldraw.org/FAQ/>  --
      ------------------------------------------------



Message has 2 Replies:
  Re: Why are SSIs bad?
 
(...) My ISP (io.com) serves .shtml so they expire quickly (I believe but haven't tested), but .html files with the executable file attribute (using XBitHack) are served as if they were static, even with SSI code. I use the XBitHack approach. It's (...) (25 years ago, 30-Sep-99, to lugnet.off-topic.geek, lugnet.publish)
  Re: Why are SSIs bad?
 
(...) If you're the site admin, there's not a security problem. The security issue is with letting your _users_ use SSI, because those commands execute as the user which owns the web server. Which, if you don't trust your users, is a bad thing. (...) (25 years ago, 30-Sep-99, to lugnet.off-topic.geek, lugnet.publish)

Message is in Reply To:
  Why are SSIs bad?
 
Hey all, I use SSI (server-side includes) a *LOT* on my Web pages. They're extremly powerful and versatile. I'm almost a firm believer. But I recall some folks warning about potential security holes and other problems with SSI. Rooting around the (...) (25 years ago, 30-Sep-99, to lugnet.off-topic.geek, lugnet.publish)

8 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR