To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.off-topic.geekOpen lugnet.off-topic.geek in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Off-Topic / Geek / 547
    Re: Why are SSIs bad? —Matthew Miller
   (...) If you're the site admin, there's not a security problem. The security issue is with letting your _users_ use SSI, because those commands execute as the user which owns the web server. Which, if you don't trust your users, is a bad thing. (...) (25 years ago, 30-Sep-99, to lugnet.off-topic.geek, lugnet.publish)
   
        Re: Why are SSIs bad? —Jacob Sparre Andersen
   [ FUT lugnet.publish ] Matthew: [...] (...) Would you care to give a lazy web site manager a hint for doing this with Apache? Play well, Jacob ---...--- -- E-mail: sparre@cats.nbi.dk -- -- Web...: <URL:(URL) -- ---...--- (25 years ago, 1-Oct-99, to lugnet.off-topic.geek, lugnet.publish)
   
        Re: Why are SSIs bad? —Matthew Miller
   (...) Check in your httpd.conf for this: # CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each # document that was negotiated on the basis of content. This asks proxy # servers not to cache the document. Uncommenting the (...) (25 years ago, 1-Oct-99, to lugnet.publish)
   
        Re: Why are SSIs bad? —Jacob Sparre Andersen
   Matthew: (...) Hmm? This sounds more like it is related to content negotiation, which among other things is used to deliver documents in a language the reader understands. Does it mean that proxy servers don't know about content negotiation? (...) (...) (25 years ago, 1-Oct-99, to lugnet.publish)
   
        Re: Why are SSIs bad? —Matthew Miller
   (...) Actually, I think you're right. Sorry -- too early in the morning. Or late at night. Whenever it was when I wrote that. Disregard what I said. :) I just tested, and it looks to me like Apache isn't setting "Pragma: no-cache". So I think what (...) (25 years ago, 1-Oct-99, to lugnet.publish)
 

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR