On 24 Mar 2003 at 11:02, Jeremy Tinley wrote: > but paying for a low end account, finding the version > number the host is running and finding an exploit for that version would > probably be what the original poster had in mind of preventing.
Suppose you prevented customers from seeing the version number. What would prevent them from just trying whatever exploits they want without knowing the version? If you have a vulnerability, you have a vulnerability, whether the version number is visible or not. Now hiding the version might make some sense if there were a way to automatically scan a range of IP addresses to look for MySQL servers of a particular version. -- Keith C. Ivey <[EMAIL PROTECTED]> Tobacco Documents Online http://tobaccodocuments.org Phone 202-667-6653 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
