I think

expose_php = Off

is first thing to do instead of changing association.
(As well as disabling server signature)

extension does not tell much, but expose_php tells PHP version also, if you care
about crackers.
Crackers will notice you care about security somewhat. It does not protect your
server from experienced crackers, though.

Regards,
--
Yasuo Ohgaki


""Johnson, Kirk"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I would like opinions on a security question.
>
> A co-worker suggested we rename our application files to some extension
> other than .php (for example, .htm). The reasoning being that the .php
> extension tells a cracker that we are using PHP, and not ASP, or ColdFusion,
> etc. The cracker can focus immediately on vulnerabilities of PHP.
>
> So, is there something to be gained by masking our server setup by changing
> our filename extension?
>
> TIA
>
> Kirk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to