Hello Andi, agreed, also we are doing very much work on security. Thus new and regular updated systems shouldn#t have a problem with exposing this. And we cannot do anything for unmaintained systems anyway. Therefore i think we or any user should not be ashamed or fear having php being exposed.
best regards marcus Thursday, November 10, 2005, 11:47:22 PM, you wrote: > I personally think it can hurt the PHP project to have expose_php > turned off by default. A lot of PHP's push has been thanks to the > Netcraft numbers. > Andi > At 10:56 AM 11/10/2005, Wolfgang Drews wrote: >> > > I don't think it would reduce the number of attacks turning the >> > > version information off. But it would be more cumbersome to help >> > > people with php issues as the php version is not directly available. >> > >> > Right, that was my point too. >> >>yes, but in the end it is more a problem of user-perception. "hej, if >>security-experts say it is more secure, then ofcourse i will turn it >>off - after all i don't care for netcraft-stats" (and don't know about >>it either). >> >>finally, if people turn it off because of security-reasons, one should >>consider a compromise between "security" and "statistics" ... or not? >> >>best regards >> >>-Wolfgang -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
