[3397] in WWW Security List Archive
Re: SSIs
daemon@ATHENA.MIT.EDU (Robert S. Muhlestein)
Tue Oct 29 02:59:07 1996
Date: Mon, 28 Oct 1996 20:51:16 -0800 (PST)
From: "Robert S. Muhlestein" <robertm@teleport.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Someone suggested that using "include virtual" will work for CGI scripts.
My experience has been that when the IncludedNOEXEC is set that, contrary to
reason, this also deactivates calls to "include virtual" if the virtual is a
path to a CGI script. From www.apache.org:
IncludesNOEXEC
Server-side includes are permitted, but the #exec command and
#include of CGI scripts are disabled.
I was very excited to discover "include virtual" some time ago only to
meet with this disappointment. I would love to be wrong on this.
Someone please tell me if I am.
Thanks,
----------------------------------------------------------------------
Robert S. Muhlestein
Web Technologist
NIKE, Inc.
Work: robert.muhlestein@nike.com
Personal: rmuhle@q7.com
Old: robertm@teleport.com
(Opinions and comments are my own, not NIKE's.)
----------------------------------------------------------------------
