Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » PHP
  • » [PHP-DEV] Expose php: on or off [RSS Feed]

#1 Nov. 10, 2005 15:14:19

Wolfgang D.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] Expose php: on or off


hi list,

i just came back from phpconference in frankfurt and had some nice
talks there with Ilia and Derick. They told me to send my following
thoughts to internals, so that you maybe can find a wise solution for
it.

as security gets more and more recognized by many people, they do
follow all the security-experts suggestions to turn of the exposure
of php to OFF, as otherwise this would help hackers to find
vulnerabilities on their server (i.e. if you are running an old
php-version, which has security-holes).
I was told to do so, too, but actually i have a very good reason to
let it turned on: Netcraft. as far as i can see it, Netcraft is
collecting its numbers from exactly this exposure. Further i think
to remember, that in former times everybody told to turn it on - so
that Netcraft can count the server as php-server and in result the
statistics are doing well for php.
Now have a short look at the statistics, and you will see, that we
had a degree in domains of about 1.3 million domains last month . i
can imagine that a reason for this may be, that a huge provider
turned expose_php to off (but who knows). In any case, this makes
me aware of a problem: a decision between security and php's spread?

my suggestion would be, to simply shorten the string that gets
exposed to "php" - and not show any version numbers (or maybe leave
it to the user, say 0 for "no exposure", 1 for "only php" and 2 for
"php with version number".

what do you think?


best regards,

-Wolfgang

--
PHP-Knotenpunkt Dynamic Web Pages:http://www.dynamicwebpages.de/Deutschsprachige PHP-Zertifizierungen:http://www.phpzertifizierung.de/Professionelle Lösungen für dynamisches Webpublishing:http://php-buch.de/--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#2 Nov. 10, 2005 16:03:14

Matthias P.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] Expose php: on or off


> my suggestion would be, to simply shorten the string that
> gets exposed to "php" - and not show any version numbers (or
> maybe leave it to the user, say 0 for "no exposure", 1 for
> "only php" and 2 for "php with version number".

At least it would be interesting to know about the spread of
PHP(3?)/4/5... So maybe one solution would be to strip the minor
numbers?

Matthias

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

  • Root
  • » PHP
  • » [PHP-DEV] Expose php: on or off [RSS Feed]

Board footer

Moderator control

Enjoy the 18th of November
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support