If, by stating the above, you're telling me I should not run this phpBB software because it's full of security holes which can be exploited then I am truely 100% convinced! Thank you for your insight and advice. Any would-be-hacker/kiddie-scripter who finds out the VERSION of my phpbb installation can run amok freely and cause serious damage. So, the question in my mind right now is, "Why am I using phpBB when, by simply revealing the installed version to the public, it's a MAJOR security risk?" It's a pertinent question which requires a relevant answer. The solution is to fix any security issues, obviously. Not give weak excuses for existing (or past) problems. The issues with Googling the version of a phpBB and exploiting it were YEARS ago. phpBB has come a long way since those times. If phpBB dev's are still paranoid about displaying to the public which version is installed then there are serious issues with their own software which need to be addressed. Otherwise, if they intend to carry on with this attitude their software must be flawed and there really is no reason or purpose in using it, only to cause yourself headaches and stress when it gets hacked. Right? So, why even risk using it? Just use some other forum software that doesn't have the same security flaws.Arty wrote:I think its a bad idea:
- Security reasons mentioned above.
- Footer already has a lot of stuff in it, especially on modded forums.
- Nobody really cares what version you are running, so why show it?
Please name any other software or developer who refrains from disclosing version info based on, "it's a potential security risk"? Do you see Microsoft advertising, "Here's the new Windows for 2012 but we're not saying which version it is due to potential security/hacking issues and it's none of your business which version you're running anyway!" Do you seriously think in this day and age people are going to swallow that garbage? No, of course not. So please get real!
Footers can have whatever you like in them. It makes NO sense at all to give the excuse, "Footer already has a lot of stuff in it, especially on modded forums" because; 1) each forum is different, 2) footers are easily configurable, 3) not everybody uses the same forum(s). It's like saying, "You can't display the phpBB version info because I say so!" and that's simply ridiculous. I mean, COME ON!
"Nobody really cares what version you running so why show it?" Oh dear. Are you actually speaking for the entire population of phpBB users here? If so, you do not speak for me. I care which version of phpBB I'm running and I'd like to inform any users which version of phpBB they're using too. It shouldn't be a problem in any case when it's so easy to find out any phpBB install version without even visiting the forum itself. How long would it take somebody to do that? Or, how long would it take somebody to cycle through all the different versions of phpbb until any particular exploit/hack worked on any particular phpbb installation? Not very long, you have to admit. So what's the real issue here? Is it fear, paranoia, the mortal dread of history repeating itself? This mentality is CRAZY!
However, because of the issues you've pointed out with phpBB I'm having a think on whether I actually should be running it at all. If simply disclosing the installed version to the public is such a bad idea why the hell do I have it installed on my server(s)? I must be crazy!!!
@TheKiller > I'd be proud to display my phpBB version in any case but if it's that much of a security risk... I'd stop using the software. The response you received here was one of "DO AS WE SAY BECAUSE WE SAY IT" and not any helpful or rational advice. They basically said to you, "The phpBB forum software is flawed but it's semi-ok if nobody else knows which version you have installed... until they guess."