httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lucid <lu...@secret.org>
Subject Server Side Include security question...
Date Thu, 13 Jun 1996 17:34:21 GMT
I am using a CGI script to generate a nav bar
the catch is that I want the nav bar to change
based on what section the luser is in.

I want to server side include this into html

I hacked on mod_include.c and got it working...

does anyone have security concerns about 
adding something to SSI like

<!--#exec cgi="/cgi-bin/navbar.cgi" query="area=1" -->

or would something like

<!--#exec cgi="/cgi-bin/navbar.cgi?area=1" -->

be better?
Or is this a big security hole waiting to happen??
Ideas?

Bill Morris
memetic Design
BMorris@memetic.com
800-647-3597

Mime
View raw message