[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] htaccess - details

Subject: Re: [cobalt-users] htaccess - details
From: "rks" <cobalt@xxxxxxxxxxxx>
Date: Sat Mar 16 05:44:07 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> If every .html page has an include file for a footer, then all it does
> it allow you to not use .shtml for all your pages, so it doesn't have
> any impact.

Just sharing what I read on apache.org --

http://httpd.apache.org/docs-2.0/misc/security_tips.html

--------snip--------
Server Side Includes (SSI) present a server administrator with several
potential security risks.
The first risk is the increased load on the server. All SSI-enabled files
have to be parsed by Apache, whether or not there are any SSI directives
included within the files. While this load increase is minor, in a shared
server environment it can become significant.

SSI files also pose the same risks that are associated with CGI scripts in
general. Using the "exec cmd" element, SSI-enabled files can execute any CGI
script or program under the permissions of the user and group Apache runs
as, as configured in httpd.conf. That should definitely give server
administrators pause.
--------snip--------

rks

References:
- RE: [cobalt-users] htaccess - details
  - From: Dan Kriwitsky

Prev by Date: Re: [cobalt-users] [OT] Resellers Control Panel
Next by Date: RE: [cobalt-users] [OT] Resellers Control Panel
Previous by thread: RE: [cobalt-users] htaccess - details
Next by thread: RE: [cobalt-users] htaccess - details

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index