httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James A Sutherland <ja...@cam.ac.uk>
Subject Re: HTML3.2 -> HTML4.0
Date Tue, 28 Nov 2000 18:58:28 GMT
On Tue, 28 Nov 2000, you wrote:
> James A Sutherland wrote:
> > 
> > Is there any reason for shipping like this, though?
> 
> Yes.  Because the core module can process them, and no additional
> modules need be loaded.

If this is a requirement, taking a "snapshot" of the pages would do, then
include the source in a tarball. Perhaps better to include a link to a proper
installation of the docs, though.

> > IMO, enabling them by default would be perfectly reasonable.
> 
> No.  Lots of people DO NOT want SSIs enabled, and certainly not
> by default.

Hrm... Personally, I'd provide a link to thttpd for people wanting a minimal
cutdown server which does nothing other than serving files :-)

> > It also provides a nice example for new users to see how SSI
> > works :-)
> 
> Then let them check out a tutorial.  Shipping something with
> pre-enabled functionality as far-reaching as SSI, particularly
> considering the security ramifications, is not a Good Idea.

I wouldn't rate SSI (with NoExec) as "far-reaching"; it seems pretty basic from
here. I would almost consider not enabling it to be a bug in the default
httpd.conf... At the very least, it should be more obvious (and simpler) to
enable.


James.

Mime
View raw message