Date: Thu, 28 Aug 1997 08:21:10 -0700 From: Don Wilde <don@PartsNow.com> To: spork <spork@super-g.com> Cc: questions@FreeBSD.ORG Subject: Re: Server Side Includes Message-ID: <34059766.63D0@PartsNow.com> References: <Pine.BSF.3.96.970827230301.22473A-100000@super-g.inch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
spork wrote: > > You should be careful where you put SSI... > > Especially if you have any pages (such as a guestbook) that allow users to > "create" html on the fly. It's rather simple for someone to include an > SSI directive in their bulletin board post. That command could do all > sorts of nasty things, such as rm -rf /, /usr/X11R6/bin/xterm, etc... > > Charles Sure, and indeed it can. Web programming is always 'programmer beware', or should that be 'sysadmin beware!'. -- oooOOO O O O o * * * * * * o ___ _________ _________ ________ _________ _________ ___==_ V_=_=_DW ===--- Don Wilde [don@PartsNow.com] [http://www.PartsNow.com ] /oo0000oo-oo--oo-ooo---ooo-ooo---ooo-ooo--ooo-ooo---ooo-ooo---ooo-oo--oo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34059766.63D0>