MyBB Hacks / Coding / SSI Security Threat(s)?

 SSI Security Threat(s)?
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #2
RE: SSI Security Threat(s)?
SSI isn't inherently insecure.  Yes, disabling it will probably make your system more secure, just like switching your server off and never turning it on probably makes it even more secure (though not very useful).
If you're not using SSI, it's probably a good idea not to enable it is all.

As for system/exec etc calls, if there is no way for the user to directly affect the variable you're sending to the function, it's probably okay.  That's a "probably" though, there can be other factors, for example, if they can modify the underlying executable (though chances are, if they can do that, they can probably modify scripts too).
My Blog
12-20-2010 05:24 PM
Find all posts by this user Quote this message in a reply

« Next Oldest | Next Newest »

Messages In This Thread
SSI Security Threat(s)? - Firefox Wins - 12-20-2010, 03:58 PM
RE: SSI Security Threat(s)? - ZiNgA BuRgA - 12-20-2010 05:24 PM
RE: SSI Security Threat(s)? - Firefox Wins - 12-21-2010, 09:13 AM

Threaded Mode | Linear Mode
 Standard Tools
Forum Jump:



Contact Us | MyBB Hacks | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication