SSI Security Threat(s)?

Firefox Wins · 12-20-2010 03:58 PM

The most secure way to operate is to disallow all SSI processing... ~Source

With 'private' (i.e. single-user not shared) hosting on a VPS or Dedi is using SSI less risky?*
*since secure file perms for individual users are not an issue?

(or try another way to ask)

If, for example, regarding this code:

PHP Code:

<?php   // This section is not a SSI...
            // This section is not a SSI...
require_once("./inc/local/local_vars.php");
define('IN_MYBB', 1);
require_once './global.php';
if($mybb->user['uid'] == 1) {
} else {
 error_no_permission();  } 

$command = "$rsyncpaths1";
system($command);
?>

'System', 'exec', etc. are often considered highly dangerous.
In the above code, no user input can effect the included $var(s) + only Super-admin can activate the little script, so...

1) Based on the info given:
That usage of 'system' commands is "safe", correct?

2) Also curious about SSI in general, should it be considered highly risky?
Thanks to anyone w/ security experience...

Threaded Mode \| Linear Mode Standard Tools
Forum Jump: View a Printable Version Send this Thread to a Friend Subscribe to this thread