On 20 Dec 2010, at 06:40, Russell Keith-Magee wrote: > > No, there aren't any completely reliable clues -- and in my opinion, > that's a good thing. > > Providing an easy way to identify a Django site serves no purpose > other than inflating project ego. On the other hand, if I am a black > hat hacker, and i want to take down your site, being able to easily > identify the software running your site dramatically narrows the > search for possible attack vectors. > > As much as I enjoy the trainspotting aspect of knowing where Django is > being used, it is information that doesn't need to be shared by > default. If I want to share the technology that I have used in > building my site, I can put up a colophon page, or write a case study > on a blog, or any number of other options. I see no reason that this > information needs to be machine readable at all, let alone machine > readable by default. > > As Jeremy has noted, the closest you will get to easily identifying a > Django site is to look for the telltale signs of the admin site, but > admin is not universally deployed, nor is it universally deployed at > /admin (in fact, I routinely use a different URL for admin > deployment). You might also get some hints out of session cookie > naming - but again, not every site uses Django's session framework, > and if they do, the session cookie name is configurable. > > Yours, > Russ Magee %-)
I agree, if you can tell what server-side tools are in use then someone has probably done something wrong somewhere. You may be able to guess what framework is in use by spotting certain design patterns that are pushed particularly strongly by a framework, but as all frameworks gradually move towards best practices it'll become increasingly difficult to tell them apart. This is definitely a good thing, I am generally rather pleased if I can deploy something without someone knowing what server side tools are in use. - Andrew Ingram -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
