[Javascript] ssi, layers, table alternative to frames
David T. Lovering
dlovering at gazos.com
Mon Apr 14 20:22:45 CDT 2003
As an added downside of SSI's -- they are NOTORIOUSLY insecure. When I first
started honing my teeth on browser exploits for my computer security training,
the very start of the discussion was on the many easy and exciting ways to
crack a system that had SSI's in place and operational. Although I've forgotten
much of what I learned during that series of CSI seminars, the frightening
simplicity of the exploits involved still sends shivers up my spine -- particularly
when I hear well-meaning folks relying on those self-same server-side includes
today. (Sort of the same frisson I get from finding someone enabling anonymous
FTP on a host that doesn't have backwards-path exclusion turned on).
When I look through the latest Apache "Black Book", it still warns against enabling
SSI's except for the simplest of things. Most military and government systems
have a flat-out edict against SSI's, period -- for precisely that reason. Next to
buffer-overflow exploits, SSI's are a hacker's (oops! I mean a "cracker's") best
friend.
-- Dave Lovering
P.S: I like frames too, and it took me a long time to learn to say that!
"McCoy, Thomas" wrote:
>
> I love frames. Seriously!
>
> *ducks to avoid flaming*
>
> I choose frames over SSI on the library's site because our server that
> processed the includes is SLOW... SSI processing added 3 seconds on each
> page load :( I might be in the minority (having an ancient server), but I'd
> test the load speed before committing to anything. The delay wasn't too
> noticeable until we went live... all those page requests made the server go
> chugga-chugga-chugga :(
>
>
> Sincerely,
> Thomas McCoy
> www.city.newport-beach.ca.us/nbpl/
>
>
> -----Original Message-----
>
> I'm sure you're already aware of the problems associated with using
> frames...
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
More information about the Javascript
mailing list