I see an oversight on our part in how-to-mirror.html was not mentioning
that many pages (if pulled down via FTP) contain server-side includes.
Currently it's only used for headers & footers, and I don't forecast it
expanding much beyond that, but we saw that not all sites out there had at
least "IncludesNoExec" turned on so we were wondering what folks thought
about enabling that. There should be no security problems, as
"IncludesNoExec" prevents running of local commands or CGI programs, and it
also will only include files in the same directory or lower, so there's no
worry about "#include file='/etc/passwd'" or something.
What do you think?
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL [EMAIL PROTECTED] - hyperreal.org - apache.org
