[Javascript] ssi, layers, table alternative to frames

Michael Dougherty Michael_Dougherty at PBP.com
Mon Apr 14 21:12:04 CDT 2003


Suppose your "SafeInclude" file were overwritten with "CrackerTools" and
included into an otherwise 'friendly' web page?  My point is that by the
time the web designer/developer should be worrying about security failures
of a site compromised by a root kit, it's already too late.  Security should
be in place before the building starts, and then kept in mind throughout the
process; not added on like landscaping after the job is done.  I would have
been more concerned about this, but using IIS on Win2k means we are at risk
regardless of the implementation decisions we make for the site itself,
since the web server and OS are notorious in their own right. :)

-----Original Message-----
From: javascript at LaTech.edu [mailto:javascript at LaTech.edu]
Sent: Monday, April 14, 2003 9:53 PM
To: javascript at latech.edu
Subject: Re: [Javascript] ssi, layers, table alternative to frames


I presume if you have some kind of security code in each include it would
help?

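<%
' checkUser() stands for the site's own authorization check
If Not checkUser() Then
  ' kick out: stop before the rest of the include runs
  Response.Status = "403 Forbidden"
  Response.End
End If
' rest of include
%>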

>> More inherently insecure than unpatched software?  I can't understand how
>> SSI is any more dangerous in a controlled environment than any other kind of
>> active content.  <!-- #include virtual="/inc/TooLazyToRetype.htm" -->
>> shouldn't be posing much security threat.  http://url/crackers/utility.asp
>> would be a far worse thing to have running.  If this is listed as a drawback
>> to using SSI, then I would suggest the administrator just disconnect the
>> ethernet from the box or turn it off altogether...
>>
>> "Just a thought"
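
The overwritten-include case raised in this thread can at least be detected from outside the include itself. The following is an added example, not code from any poster: it records a SHA-256 baseline of every file that pages pull in through #include directives and reports later changes. The function names, index.shtml and the file contents are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches <!-- #include virtual="/inc/x.htm" --> and <!-- #include file="x.inc" -->
INCLUDE_RE = re.compile(r'<!--\s*#include\s+(virtual|file)\s*=\s*"([^"]+)"\s*-->', re.I)

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def includes_of(root, page):
    """Yield (site-relative name or None, path); virtual= is site-rooted, file= page-relative."""
    root = root.resolve()
    for kind, target in INCLUDE_RE.findall(page.read_text(errors="replace")):
        base = root if kind.lower() == "virtual" else page.resolve().parent
        path = (base / target.lstrip("/")).resolve()
        inside = root in path.parents
        yield (path.relative_to(root).as_posix() if inside else None), path

def build_baseline(root, pages):
    """Hash every include the pages pull in; run this on a known-good tree."""
    return {rel: digest(path) for page in pages
            for rel, path in includes_of(root, page) if rel and path.is_file()}

def audit(root, pages, baseline):
    """Return sorted (page, include, finding) tuples; an empty list means clean."""
    findings = set()
    for page in pages:
        for rel, path in includes_of(root, page):
            if rel is None:
                findings.add((page.name, str(path), "outside web root"))
            elif rel not in baseline:
                findings.add((page.name, rel, "not in baseline"))
            elif not path.is_file() or digest(path) != baseline[rel]:
                findings.add((page.name, rel, "missing or modified"))
    return sorted(findings)

def demo():
    """Constructed sample: the page's include is overwritten after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inc").mkdir()
        (root / "inc" / "SafeInclude.htm").write_text("<p>menu</p>")
        page = root / "index.shtml"
        page.write_text('<!-- #include virtual="/inc/SafeInclude.htm" -->')
        baseline = build_baseline(root, [page])
        (root / "inc" / "SafeInclude.htm").write_text("<p>replaced</p>")
        return audit(root, [page], baseline)
```

The baseline has to be stored somewhere the web server account cannot write, otherwise whoever overwrites the include can overwrite the baseline too.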


