As the comic book webslinger says, with a great power comes a great responsability.

Some hosts surely think that they have no nerve to deal with users fool enough to make a script containing 'rm -rf ~' and putting it inside of <!--#exec >.

But the exact same risk exists with badly behaved perl scripts, and everybody and the parrot has been running .pl scripts without scandal.

I'd say that it's a cultural thing, like avoiding to walk under a staircase because they were prone to collapsing a couple thousands years ago.

loading SSI pages, I think, incurs more use of resources. If it's a cheaper host, they probably dont cost this into their pricing so limit its use or ban altogether. Most good moderately priced shared hosts with packages that include a band width and memory limit/charges, will not have any limitation - becuase you are paying for it already.

Others more technical than me, please feel free to state otherwise..

Yes Chiyo, but a trouble is that some hosts allow SSI but disallow the #exec directive, for security reasons.

As for the resources, I'd say that the hit of having .shtml can't be worst by itself than the .cgi, and would be more worrisome the content of the script: if the CGI calculates fast fourier transforms (and I've seen this happen) the performance hit for only calling an include would be negligible.

I am talking about a couple hundred hits an hour, and under heavy load and scripting on the front page things should be very different. But not enough to be more expensive than a cgi call, that's for sure.

Okay, this is something that I'm not 100% adept at talking about so please bear with me. I've been a (let me say it before everyone else does) Front Plague user since 1996. From the beginning I picked up on the Include Page Feature which works in a similar fashion to SSI but uses FP propriety tags and the FP extensions on the server.

Just recently, I switched over to using .asp and SSI as I'm migrating away from any FP bots in my code. All you geeks in here make me feel bad every time I bring up FP! Anyway, I'm not using .shtml or .cgi and have not seen much conversation about .asp. It would be much appreciated if someone could shed a little more light on this for me. I find the .asp includes work fine and have seen no performance issues whatsoever.

Are there any differences between using .shtml, .shtm, .cgi or .asp includes? And in relation to the topic of this thread, why couldn't you use the .asp instead of the .shtml and just not worry about hosting restrictions?

1. *nix servers do not have .asp capabilities.

2. The equivalent of .asp is .php, not cgi; even when both can be used for the same stuff.

3. I have never perceived the slightest performance degradation by using SSI. Most surely the load on my host server comes more from SQL and other services than from httpd. I keep on saying that performance degradation does not look like a reason to shut off SSI.