12-20-2010, 03:58 PM
The most secure way to operate is to disallow all SSI processing... ~Source
With 'private' (i.e. single-user not shared) hosting on a VPS or Dedi is using SSI less risky?*
*since secure file perms for individual users are not an issue?
(or try another way to ask)
If, for example, regarding this code:
With 'private' (i.e. single-user not shared) hosting on a VPS or Dedi is using SSI less risky?*
*since secure file perms for individual users are not an issue?
(or try another way to ask)
If, for example, regarding this code:
PHP Code:
|
'System', 'exec', etc. are often considered highly dangerous.
In the above code, no user input can effect the included $var(s) + only Super-admin can activate the little script, so...
1) Based on the info given:
That usage of 'system' commands is "safe", correct?
2) Also curious about SSI in general, should it be considered highly risky?
Thanks to anyone w/ security experience...