| |
Jacob Sparre Andersen <sparre@sys-323.risoe.dk> wrote:
> I am not quite sure what security problems there are with
> SSI.
If you're the site admin, there's not a security problem. The security issue
is with letting your _users_ use SSI, because those commands execute as the
user which owns the web server. Which, if you don't trust your users, is a
bad thing.
> My main reason for (mostly) not using SSI on published web
> pages is that I suspect that it means that the pages won't
> be stored by proxies. Is it possible to make server-side
> processed pages appear as static pages when they are served?
Yes, you can configure your web server this way.
--
Matthew Miller ---> mattdm@mattdm.org
Quotes 'R' Us ---> http://quotes-r-us.org/
|
|
Message has 1 Reply:
 | | Re: Why are SSIs bad?
|
| [ FUT lugnet.publish ] Matthew: [...] (...) Would you care to give a lazy web site manager a hint for doing this with Apache? Play well, Jacob ---...--- -- E-mail: sparre@cats.nbi.dk -- -- Web...: <URL:(URL) -- ---...--- (25 years ago, 1-Oct-99, to lugnet.off-topic.geek, lugnet.publish)
|
Message is in Reply To:
| | Re: Why are SSIs bad?
|
| Sproaticus: (...) I am not quite sure what security problems there are with SSI. My main reason for (mostly) not using SSI on published web pages is that I suspect that it means that the pages won't be stored by proxies. Is it possible to make (...) (25 years ago, 30-Sep-99, to lugnet.off-topic.geek, lugnet.publish)
|
8 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
