From owner-freebsd-questions Thu Aug 28 08:23:16 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA03953 for questions-outgoing; Thu, 28 Aug 1997 08:23:16 -0700 (PDT)
Received: from cerberus.partsnow.com (gatekeeper.partsnow.com [207.155.26.98]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA03942 for ; Thu, 28 Aug 1997 08:23:13 -0700 (PDT)
Received: (from bin@localhost) by cerberus.partsnow.com (8.8.5/8.6.9) id IAA00832; Thu, 28 Aug 1997 08:23:57 -0700 (PDT)
X-Authentication-Warning: cerberus.partsnow.com: bin set sender to using -f
Received: from pcconsole(192.168.100.254) by cerberus.partsnow.com via smap (V2.0) id xma000829; Thu, 28 Aug 97 08:23:50 -0700
Message-ID: <34059766.63D0@PartsNow.com>
Date: Thu, 28 Aug 1997 08:21:10 -0700
From: Don Wilde
Reply-To: don@PartsNow.com
Organization: Soligen, Incorporated
X-Mailer: Mozilla 3.0 (Win16; I)
MIME-Version: 1.0
To: spork
CC: questions@FreeBSD.ORG
Subject: Re: Server Side Includes
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

spork wrote:
>
> You should be careful where you put SSI...
>
> Especially if you have any pages (such as a guestbook) that allow users to
> "create" html on the fly. It's rather simple for someone to include an
> SSI directive in their bulletin board post. That command could do all
> sorts of nasty things, such as rm -rf /, /usr/X11R6/bin/xterm, etc...
>
> Charles

Sure, and indeed it can. Web programming is always 'programmer beware',
or should that be 'sysadmin beware!'.

--
oooOOO O O O o * * * * * * o ___ _________ _________ ________ _________ _________ ___==_
V_=_=_DW ===--- Don Wilde [don@PartsNow.com] [http://www.PartsNow.com ]
/oo0000oo-oo--oo-ooo---ooo-ooo---ooo-ooo--ooo-ooo---ooo-ooo---ooo-oo--oo
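
Added example, not part of either poster's message: a sketch of the guestbook case discussed in the thread, showing visitor text written into an SSI-parsed page unchanged versus entity-encoded first, plus a check that flags unexpected directives in a stored page. The function names, the allowlist, the template line and the sample post are all assumptions constructed for illustration.

```python
import html
import re

# SSI directives have the form <!--#element attr="value" -->. The match is
# deliberately loose about whitespace so the check errs toward flagging.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*([A-Za-z]+)")

# Constructed sample submission, not taken from the thread.
SAMPLE_POST = 'Nice site!\n<!--#exec cmd="id" -->'


def find_ssi_directives(page_text):
    """Return the element names of SSI directives the server would parse."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(page_text)]


def naive_entry(name, message):
    """The risky pattern: visitor text is pasted into the page unchanged."""
    return f"<p><b>{name}</b>: {message}</p>\n"


def safe_entry(name, message):
    """Entity-encode visitor text before it is written to a parsed page.

    html.escape rewrites < > & and quotes, so a submitted directive is
    stored as visible text and no longer begins with the "<!--#" marker.
    """
    safe_name = html.escape(name, quote=True)
    safe_message = html.escape(message, quote=True).replace("\n", "<br>\n")
    return f"<p><b>{safe_name}</b>: {safe_message}</p>\n"


def audit_page(page_text, allowed=("include", "echo")):
    """List directives in a stored page that are outside the allowlist."""
    return [d for d in find_ssi_directives(page_text) if d not in allowed]


if __name__ == "__main__":
    # Constructed template line standing in for the site's own legitimate SSI.
    template = '<!--#include virtual="/header.html" -->\n'
    for build in (naive_entry, safe_entry):
        page = template + build("visitor", SAMPLE_POST)
        print(build.__name__, "->", audit_page(page) or "clean")
```

On Apache, `Options IncludesNOEXEC` is a separate server-side control that keeps SSI enabled while disabling the `exec` element, so it complements the encoding step.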