Server-Side includes is an NCSA standard that allows users to create documents that provide simple information to clients on the fly. Such information can include the current date, the file's last modification date, and the size or last modification of other files. In it's more advanced usage, it can provide a powerful interface to CGI and /bin/sh programs.
SSI means basically that your document will be parsed by the server for special SSI tags before producing output to the client. Alkaline partially supports the SSI standard.
Full details about the original server-side includes can be found in the NCSA SSI tutorial at http://hoohoo.ncsa.uiuc.edu/docs/tutorials/includes.html .
Alkaline has a limited support for SSI. This support is only partially compliant with the SSI standard for various reasons, mainly because Alkaline's template usage policy is already very restrictive and only the administrator can decide which person/document to trust.
Several security issues that might have heavy impact should be considered and it is advised that SSI are enabled in last resort with a permanent consideration about what enabling SSI will imply in terms of server stability and security compromise. It is still clear that SSI is not a security issue if everything is done properly.
To enable SSI with Alkaline, you should include --ssi or --EnableSsi to the command line. The default behavior of Alkaline is that SSI are disabled.
If SSI are enabled, Alkaline will look for special SSI tags and attempt to execute them on all generated template pages (search results). Thus SSI tags can of course be included on template pages only.
The fact that searched documents have SSI code in them will not influence any behavior in Alkaline as such code is discarded by the parser.
SSI tags can contain Alkaline search variables from the <!--SEARCH-GENERAL expression--> tag. Alkaline will process the full SSI string between <!--# and --> for options such as $search, which will be replaced by their values before being handled to the SSI processor.
An SSI tag has the following format:
<!--#name operation=command ...--> |
Include a document contents into the resulting page at the location of the include tag. If the document does not exist, an error will be produced.
To specify a proxy server for the retrieval of a virtual document you must use the Proxy option in global.cnf.
Unlike the SSI definition, Alkaline will not check for localness of documents, the URLs and the local paths can be anything. Alkaline will neither verify the content of the documents.
Example:
<!--#include file="c:\alkaline\asearch.cnf"--> <!--#include virtual="http://www.vestris.com/index.html"--> |
Show a formatted size for each file in the list.
Example:
<!--#fsize /bin/asearch--> |
Similar to fsize, show the creation/modification date for a file. Unlike under the SSI definition, only the fixed locale formatting is available.
Example:
Alkaline server compiled: <!--#fcreated /bin/asearch--> |
Execute a local command or retrieve a remote document/cgi.
This is a dangerous command. The user that can modify the template file can run any command with the rights of the running Alkaline. Such a user can destroy valuable data!
Unlike the SSI definition, Alkaline will not check for localness of documents, the urls and the local paths can be just about everything. But unlike for the include command Alkaline will verify that remote documents return a text/* mime format.
Example:
<!--#exec cmd="chkdsk"--> <!--#exec cgi="http://server.com/cgi-bin/test"--> |