Once upon a time, Gerald Waugh <[EMAIL PROTECTED]> said: > SSI is not CGI, turn SSI off, its in the GUI site-settings > Uncheck Enable Server Side Includes
And, as I've pointed out before, all of those cute little checkboxes are useless. If I want to use SSI, all I have to do is put: AddType text/html .shtml AddHandler server-parsed .shtml in an .htaccess file. For CGI, it is: AddHandler cgi-wrapper .cgi or (if you don't want your scripts to run under cgiwrap - that way they'll run as the default web server user as well): AddHandler cgi-script .cgi If you turn off telnet, I can write a CGI to do what I want (if I want to be fancy, I'll run X on my desktop, upload ssh and xterm if they aren't installed, build a tunnel back to my desktop, and open an terminal window). IIRC, you can even load mod_perl handlers into the web server (which may open up things such as the SSL private keys to all hosted sites - I haven't tried it, but it should be possible since mod_perl runs in the server space). Face it, any user with a site on a RaQ can do pretty much whatever they want and look at whatever they want. -- Chris Adams <[EMAIL PROTECTED]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
