httpd-docs mailing list archives

From Cliff Woolley
Subject Re: [PATCH] security_tips.html
Date Fri, 05 Oct 2001 04:28:37 GMT

[Forgive me in advance for playing the comma police.]

On Thu, 4 Oct 2001, Allan Liska wrote:

> +    <p>Server Side Includes (SSI), present a server administrator with

s/(SSI), present/(SSI) present/

> +    in general.  Using the "exec cmd" element, SSI-enabled files can execute
> +    any CGI script or program owned by the user and group Apache runs as, as
> +    configured in httpd.conf.  That should definitely give server
> +    administrators pause.</p>
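
Review bot: The "exec cmd" sentence refers to "the user and group Apache runs as, as configured in httpd.conf" without naming the directives, and the doubled "as, as" reads awkwardly. Suggest naming the User and Group directives explicitly, and following "give server administrators pause" with a pointer to the ways of enhancing SSI security that the next paragraph introduces, so the reader is not left with the warning alone.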

Not exactly.  Using "exec cmd", SSI-enabled files can execute any program
that the Apache user has permission to run, regardless of who owns it.

> +    There are ways to enhance the security of SSI files, while still taking
> +    advantage of the benefits they provide.</p>

s/SSI files, while/SSI files while/

> +    <p>To decrease the amount of damage a wayward SSI file can cause a

s/can cause a/can cause, a/

> +    separate extension, such as the conventional .shtml.  This helps keep
> +    server load at a minimum, and increases security.</p>
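
Review bot: "increases security" in the last sentence is asserted without a reason, while the server-load half of the same sentence is at least intuitive. Suggest stating why a separate extension such as .shtml helps, for example that it limits which files are treated as SSI-enabled and so narrows what an administrator has to review.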

s/minimum, and/minimum and/


   Cliff Woolley
   Charlottesville, VA
