Re: [PHP] Your opinion on security issue: file extension
I think expose_php = Off is the first thing to do instead of changing the association. (As well as disabling the server signature.) The extension does not tell much, but expose_php tells the PHP version also, if you care about crackers. Crackers will notice you care about security somewhat. It does not protect your server from experienced crackers, though.

Regards,
--
Yasuo Ohgaki

Johnson, Kirk [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I would like opinions on a security question. A co-worker suggested we rename our application files to some extension other than .php (for example, .htm). The reasoning being that the .php extension tells a cracker that we are using PHP, and not ASP, or ColdFusion, etc. The cracker can focus immediately on vulnerabilities of PHP.

So, is there something to be gained by masking our server setup by changing our filename extension?

TIA

Kirk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Your opinion on security issue: file extension
I would like opinions on a security question. A co-worker suggested we rename our application files to some extension other than .php (for example, .htm). The reasoning being that the .php extension tells a cracker that we are using PHP, and not ASP, or ColdFusion, etc. The cracker can focus immediately on vulnerabilities of PHP.

So, is there something to be gained by masking our server setup by changing our filename extension?

TIA

Kirk
Re: [PHP] Your opinion on security issue: file extension
Not really, I mean it may deter a very novice hacker. But, if the people want in, they can very easily find out what server and server software you are running.

For example, go to www.netcraft.com and click on 'What's that site running?' and put in your www.domain.com address. It will tell you everything about the server, even uptime. So, if they want to know, they can find out; file extensions just make it a bit easier...

- Original Message -
From: Johnson, Kirk [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 01, 2001 12:08 PM
Subject: [PHP] Your opinion on security issue: file extension

I would like opinions on a security question. A co-worker suggested we rename our application files to some extension other than .php (for example, .htm). The reasoning being that the .php extension tells a cracker that we are using PHP, and not ASP, or ColdFusion, etc. The cracker can focus immediately on vulnerabilities of PHP.

So, is there something to be gained by masking our server setup by changing our filename extension?

TIA

Kirk
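An added example, not part of any message in this thread: a small audit an administrator can run over their own site's responses, listing the signals that still identify PHP after the file extension is renamed (the `X-Powered-By` header controlled by `expose_php`, version tokens in the `Server` header, and PHP's default `PHPSESSID` cookie name). The function name, sample URL and header values are constructed for illustration.

```python
import re

# Constructed sample response for a page already renamed to .htm
# (values are illustrative, not captured from any real server).
SAMPLE_URL = "/account/login.htm"
SAMPLE_HEADERS = [
    ("Server", "Apache/1.3.19 (Unix) PHP/4.0.0"),
    ("X-Powered-By", "PHP/4.0.0"),
    ("Set-Cookie", "PHPSESSID=0123456789abcdef; path=/"),
    ("Content-Type", "text/html"),
]


def find_disclosures(url_path, headers):
    """Return (signal, detail) pairs that reveal the server-side stack."""
    findings = []
    # The file extension: the only signal the rename in the question hides.
    m = re.search(r"\.(php\d?|phtml)(?:$|[?/#])", url_path, re.I)
    if m:
        findings.append(("extension", m.group(1).lower()))
    for name, value in headers:
        lname = name.lower()
        if lname == "x-powered-by":
            # Sent by PHP while expose_php is On; carries the PHP version.
            findings.append(("x-powered-by", value))
        elif lname == "server":
            # Product/version tokens such as "Apache/x.y" or "PHP/x.y".
            for product, version in re.findall(r"([A-Za-z_-]+)/([\w.]+)", value):
                findings.append(("server-token", f"{product}/{version}"))
        elif lname == "set-cookie":
            # PHPSESSID is the default value of PHP's session.name setting.
            cookie_name = value.split("=", 1)[0].strip()
            if cookie_name.upper() == "PHPSESSID":
                findings.append(("session-cookie", cookie_name))
    return findings


if __name__ == "__main__":
    for signal, detail in find_disclosures(SAMPLE_URL, SAMPLE_HEADERS):
        print(f"{signal}: {detail}")
```

On the constructed sample the renamed `.htm` URL produces no extension finding, yet four other findings remain, which is the point both replies make.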