I personally think it can hurt the PHP project to have expose_php
turned off by default. A lot of PHP's push has been thanks to the
Netcraft numbers.
Andi
At 10:56 AM 11/10/2005, Wolfgang Drews wrote:
> > I don't think it would reduce the number of attacks turning the
> > version information off. But it would be more cumbersome to help
> > people with php issues as the php version is not directly available.
>
> Right, that was my point too.
yes, but in the end it is more a problem of user-perception. "hej, if
security-experts say it is more secure, then ofcourse i will turn it
off - after all i don't care for netcraft-stats" (and don't know about
it either).
finally, if people turn it off because of security-reasons, one should
consider a compromise between "security" and "statistics" ... or not?
best regards
-Wolfgang
--
PHP-Centralpoint Dynamic Web Pages: http://www.dynamicwebpages.de/
German PHP-Certification: http://www.phpzertifizierung.de/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
