[3399] in WWW Security List Archive
Re: SSI #exec
daemon@ATHENA.MIT.EDU (Rich Brennan)
Tue Oct 29 09:07:35 1996
Date: Tue, 29 Oct 1996 07:06:55 -0500 (EST)
From: Rich Brennan <brennan@ConnActivity.ConnActivity.com>
To: sameer@c2.net
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> In apache you don't need to do any hack. Rather than using
> "exec cgi" or "exec cmd" you can use "include virtual."
In NCSA, "include virtual" doesn't execute CGI scripts, and for Apache, it
won't execute CGI scripts if IncludesNOEXEC is specified.
See, I'd like to let CGI's execute in server side includes, but I don't want
users to be able to run any random program. That is why a hack *is* necessary.
Robert S. Muhlestein's suggestion sounds like it's exactly what I need.
Rich
