Best practices securing HTTP/HTTPS (continued) Server Side Includes Server Side Includes (SSI) present a server administrator with several potential security risks. Denial of Service - all SSI-enabled files have to be parsed by Apache while this load increase is minor, in a shared server environment it can become significant. Enabling SSI for files with .html or .htm extensions can be dangerous. SSI-enabled files should have a separate extension, such as the conventional .shtml. This helps keep server load at a minimum and allows for easier management of risk. To isolate the damage a wayward SSI file can cause, a server administrator can enable suexec. SSI files also pose the same risks that are associated with CGI scripts in general. Using the "exec cmd" element, SSI-enabled files can execute any CGI script or program under the permissions of the user and group Apache runs as, as configured in httpd.conf.