Things to Know about SSIs
How to create SSIs
Security Issues with SSIs
- The exec form of SSIs are a major security hole - process is running
as user that runs the web - in most cases root.
- For NCSA httpd, you can disable them by placing the statement
in access.conf under the directory control area.
- Don't allow users to have areas where execs can run.