On 25.07.2011 21:16, M.-A. Lemburg wrote:
> "Martin v. Löwis" wrote:
>>> So you deliberately make it easy for potential attackers to find out
>>> about everything they need to know in order to take over the site.
>>>
>>> Could you explain the reasons behind this?
>>
>> This information is not meant for attackers, but for people contributing to
>> the maintenance of the site. It may also help attackers, but only a little
>> so, since they can easily gather the information, anyway.
>>
>> You seem to favor obscurity as a means of security. Please understand that
>> this gives a false sense of security.
>
> No, not really. Not having the information readily available doesn't make it
> more secure (obscurity never increases security), but it does make it harder,
> and thus, raises the bar for script-kiddies.

This is similar to running SSH on a non-standard port: praised by many as the
ultimate security measure, but in reality it only delays people by the amount
of time it takes to do a portscan.

Georg

_______________________________________________
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www