[Forgive me in advance for playing the comma police.]
On Thu, 4 Oct 2001, Allan Liska wrote: > + <p>Server Side Includes (SSI), present a server administrator with s/(SSI), present/(SSI) present/ > + in general. Using the "exec cmd" element, SSI-enabled files can execute > + any CGI script or program owned by the user and group Apache runs as, as > + configured in httpd.conf. That should definitely give server > + administrators pause.</p> Not exactly. Using "exec cmd", SSI-enabled files can execute any program that the Apache user has permission to run, regardless of who own it. > + There are ways to enhance the security of SSI files, while still taking > + advantage of the benefits they provide.</p> s/SSI files, while/SSI files while/ > + <p>To decrease the amount of damage a wayward SSI file can cause a s/can cause a/can cause, a/ > + separate extension, such as the conventional .shtml. This helps keep > + server load at a minimum, and increases security.</p> s/minimum, and/minimum and/ --Cliff -------------------------------------------------------------- Cliff Woolley [EMAIL PROTECTED] Charlottesville, VA --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]