Specifying Whether a Web Server Should Allow the CMD Command to Be Used for SSI #exec Directives
InstallShield 2020 Express Edition
Edition:The Express edition of InstallShield includes support for installing only one Web site per installation.
The following editions of InstallShield support the creation of more than one Web site per installation. These editions also include support for managing IIS application pools and Web service extensions:
| • | Premier |
| • | Professional |
In addition, the Premier edition of InstallShield includes an IIS scanner that checks an existing IIS Web site and records data about the settings for the Web site, its virtual directories, its applications, and its application pools. You can import that IIS data into the Internet Information Services view in InstallShield Premier Edition. Once you have imported the IIS data into a project, you can use the Internet Information Services view to make changes to the IIS settings as needed.
Server-side include (SSI) directives instruct a Web server to insert content into a Web page. The #exec type of directive enables the Web server to include the output of a shell command in a Web page.
You can configure an IIS Web server to prevent the CMD command for the #exec directive from being used to execute shell commands, or you can configure it to allow the CMD command to be used to execute this type of command. The SSIEnableCmdDirective registry value for the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters registry key is what determines whether the CMD command is permitted.
InstallShield lets you specify how your installation should configure the SSIEnableCmdDirective registry value on target systems. If you do not want your installation to change the SSIEnableCmdDirective registry value, you can also specify that.
Because of security concerns, the default SSIEnableCmdDirective registry value is FALSE (0); the FALSE (0) value prevents end users from running unauthorized server-side executable files.
To specify whether a Web server should allow the CMD command to be used for SSI #exec directives:
| 1. | In the View List under Configure the Target System, click Internet Information Services. |
| 2. | In the center pane, click the Web Sites explorer. InstallShield displays the Web server settings in the right pane. |
| 3. | For the SSIEnableCmdDirective registry value setting, select the appropriate option: |
| • | Ignore—Do not change the SSIEnableCmdDirective registry value on the target system. This is the default option. |
| • | FALSE (0)—Set the SSIEnableCmdDirective registry value on the target system to 0. This prevents the #exec CMD directive of server-side includes to be used to execute shell commands. Note that if you select this value and an IIS Web server has applications that rely on #exec CMD directives, those applications may stop working properly after your installation project’s Web site and virtual directory are installed. |
| • | TRUE (1)—Set the SSIEnableCmdDirective registry value on the target system to 1. This allows the #exec CMD directive of server-side includes to be used to execute shell commands. |
If you select the FALSE or TRUE options, InstallShield stores the value—either 0 for FALSE or 1 for TRUE—in the INSTALLSHIELD_SSI_PROP property.
If a Web site or virtual directory in your installation is installed on a target system and you selected the FALSE or TRUE options for the SSIEnableCmdDirective registry value setting, the SSIEnableCmdDirective registry value is updated on the target system.
Note:If your product is uninstalled from a target system, the SSIEnableCmdDirective registry value is not changed, even if its value was changed during installation.
See Also