[Forgive me in advance for playing the comma police.]

On Thu, 4 Oct 2001, Allan Liska wrote:

> +    <p>Server Side Includes (SSI), present a server administrator with

s/(SSI), present/(SSI) present/

> +    in general.  Using the "exec cmd" element, SSI-enabled files can execute
> +    any CGI script or program owned by the user and group Apache runs as, as
> +    configured in httpd.conf.  That should definitely give server
> +    administrators pause.</p>

Not exactly.  Using "exec cmd", SSI-enabled files can execute any program
that the Apache user has permission to run, regardless of who own it.

> +    There are ways to enhance the security of SSI files, while still taking
> +    advantage of the benefits they provide.</p>

s/SSI files, while/SSI files while/

> +    <p>To decrease the amount of damage a wayward SSI file can cause a

s/can cause a/can cause, a/

> +    separate extension, such as the conventional .shtml.  This helps keep
> +    server load at a minimum, and increases security.</p>

s/minimum, and/minimum and/


--Cliff

--------------------------------------------------------------
   Cliff Woolley
   [EMAIL PROTECTED]
   Charlottesville, VA




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to