Not really, I mean it may deter a very novice hacker. But, if the people
want in, they can very easily find out what server and server software you
are running. For example, goto www.netcraft.com and click on 'What's that
site running?' and put in your www.domain.com address. It will tell ou
everything about the server, even uptime. So, if they want to know, they
can find out, file extensions just make it a bit easier...
----- Original Message -----
From: "Johnson, Kirk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 01, 2001 12:08 PM
Subject: [PHP] Your opinion on security issue: file extension
> I would like opinions on a security question.
>
> A co-worker suggested we rename our application files to some extension
> other than .php (for example, .htm). The reasoning being that the .php
> extension tells a cracker that we are using PHP, and not ASP, or
ColdFusion,
> etc. The cracker can focus immediately on vulnerabilities of PHP.
>
> So, is there something to be gained by masking our server setup by
changing
> our filename extension?
>
> TIA
>
> Kirk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
