Are Server Side Includes A Security Risk?

A Server Side Include (SSI) is a piece of code you add to your html pages to create dynamic elements on the page. You can make entire pages dynamic or only small portions of it. You could go somewhere in between the minimal or the maximum.

An example of an SSI script is a clock that runs on your page allowing your visitors to keep track of the time as they read your information. That would be an example of a small SSI script. A larger script may update your information in real time as the reader is reading – for instance, like a weather chart, showing weather patterns as Mother Nature moves in force.

SSI scripts are best used in small amounts. If you want your entire page to be dynamic then you’re better off using another program to create the dynamic elements. The reason is because SSI is not secure in large doses. You could open yourself up to potential problems with the code.

Server Side Includes have their places. One common use for SSI scripts is in navigation menus where you have a common element on every page of your website. But you typically don’t want your entire page scripted with SSI.