Leave it alone. I vote we just drop this discussion. :)
We have lot of more important things to talk about than
about something like this..
--Jani
On Thu, 10 Nov 2005, Wez Furlong wrote:
Turning off expose_php is just security by obscurity; a determined
hacker can still probe for problems even if that setting is turned
off.
My vote is to leave it as-is; leave it to the administrator to decide
if they want to turn it off.
--Wez.
On 11/10/05, Marcus Boerger <[EMAIL PROTECTED]> wrote:
Hello Andi,
agreed, also we are doing very much work on security. Thus new and regular
updated systems shouldn#t have a problem with exposing this. And we cannot
do anything for unmaintained systems anyway. Therefore i think we or any
user should not be ashamed or fear having php being exposed.
best regards
marcus
Thursday, November 10, 2005, 11:47:22 PM, you wrote:
I personally think it can hurt the PHP project to have expose_php
turned off by default. A lot of PHP's push has been thanks to the
Netcraft numbers.
Andi
At 10:56 AM 11/10/2005, Wolfgang Drews wrote:
I don't think it would reduce the number of attacks turning the
version information off. But it would be more cumbersome to help
people with php issues as the php version is not directly available.
Right, that was my point too.
yes, but in the end it is more a problem of user-perception. "hej, if
security-experts say it is more secure, then ofcourse i will turn it
off - after all i don't care for netcraft-stats" (and don't know about
it either).
finally, if people turn it off because of security-reasons, one should
consider a compromise between "security" and "statistics" ... or not?
best regards
-Wolfgang
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
--
Give me your money at @ <http://pecl.php.net/wishlist.php/sniper>
Donating money may make me happier and friendlier for a limited period!
Death to all 4 letter abbreviations starting with P!
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
