www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.org>
Subject SSI
Date Sun, 06 Jul 1997 23:37:57 GMT

I see an oversight on our part in how-to-mirror.html was not mentioning
that many pages (if pulled down via FTP) contain server-side includes.
Currently it's only used for headers & footers, and I don't forecast it
expanding much beyond that, but we saw that not all sites out there had at
least "IncludesNoExec" turned on so we were wondering what folks thought
about enabling that.  There should be no security problems, as
"IncludesNoExec" prevents running of local commands or CGI programs, and it
also will only include files in the same directory or lower, so there's no
worry about "#include file='/etc/passwd'" or something.  

What do you think?


"Why not?" - TL                brian@organic.com - hyperreal.org - apache.org

View raw message