[thelist] Advisablitity of SSI

Timothy J. Luoma luomat at operamail.com
Fri Sep 19 15:24:59 CDT 2003


On Fri, 19 Sep 2003 16:12:23 -0400, Maisha Walker <maisha at e-vent.org> 
wrote:

> I've also heard rumors about security problems with SSI - anyone have any
> thoughts refuting or validating this concern?

I've heard that as well.  I don't know if it is valid, but the idea is 
that you could 'exec rm' or some other thing.  Sounds like something that 
shouldn't be possible.  If I am a user I shouldn't be able to delete 
anything but my own files.... and if I want to do it via a webpage, well, 
that's my own business.

That said, I found it much easier to find a host that supported PHP than 
SSI so I just started doing my includes that way.

FWIW

TjL




More information about the thelist mailing list