httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: mirrors and SSIs
Date Wed, 02 Jul 1997 14:33:54 GMT
> On Tue, 1 Jul 1997, Ben Laurie wrote:
> 
> > Dean Gaudet wrote:
> > > 
> > > No this is the wrong answer.  I, for example, refuse to run CGIs or SSIs
> > > that I download automatically from taz... and I trust Brian.  Requiring
> > > mirrors to run SSI or CGI means that a compromise of taz can be a
> > > compromise of every single mirror site.
> > 
> > Hang on - isn't SSI with no exec supposed to be safe?
> 
> Define safe.
> 
> <!--#include file="/etc/passwd">
> 
> Safe, yes.  Safe, no.

That does not work.






Mime
View raw message