On 2015-09-13 15:30, Daniel Dickinson wrote: > Oh and 1 has the benefit of actually securing the device against wan access > to LuCI even in the case of firewall not blocking such access, whereas the > robots.txt and hiding banner are classic 'security through obscurity' which > is the > security pundit's favourite target for good reason.
On 2015-09-13 15:42, Daniel Dickinson wrote: > I just remembered that robots.txt is just a text file to stick in /www, so it > is > certainly is not high cost, although now that I remember that is also less > useful than I was thinking because it really only prevents indexing by > cooperative robots that obey robots.txt Indeed: robots.txt is exactly the opposite of `security through _obscurity_': it's a listing that explicitly tells clients what they're not supposed to look at. Trying to use robots.txt as a security measure is actually worse than nothing: you protect yourself from your friends at the expense marking yourself for the bad guys :) -- "Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))." _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
