tag 582204 +wontfix
severity 582204 wishlist
thank you

Francois,

I don't agree with you (though not very strongly). Security by obscurity never worked and I am opposed to applying this patch. Hiding the version makes life harder for everybody else but the attacker.

Ondrej

On Wed, May 19, 2010 at 06:53, Francois Marier <franc...@debian.org> wrote:
> Package: php5
> Version: 5.3.2-1
> Severity: normal
> Tags: patch
>
> I'm sure this has been mentioned before, but it would be nice if expose_php was
> disabled by default in php.ini.
>
> While these headers can be useful in development, they are also revealing the
> exact PHP version that the server is running. We don't need to make attackers'
> lives easier.
>
> This won't prevent a determined attacker from getting in, but it lowers the
> effectiveness of attacks based on mass scanning for vulnerable targets.
>
> Francois

--
Ondřej Surý <ond...@sury.org>
http://blog.rfc1925.org/