Why was the version number removed?

[Virtuality]

Just curious... I can't see any obvious reason for that right now, but I'm sure you have one. I just want to know the reason.

Update of /cvsroot/phpbb/phpBB2/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20102/includes

Modified Files:
functions.php
Log Message:
Remove version information from display

[the_dan]

Just curious... I can't see any obvious reason for that right now, but I'm sure you have one. I just want to know the reason.

Update of /cvsroot/phpbb/phpBB2/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20102/includes

Modified Files:
functions.php
Log Message:
Remove version information from display

It enables people running out of date installations to be easily tracked down through google when it is present - When the number is not shown, it does not allow an attacker to see if a paticular forum is vulnerable to certain exploits easily.

Dan

[CLee]

Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.

[the_dan]

Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.

You would rather they attacked 100 vulnerable boards & sucessfully defaced them, as opposed to attacking 25 vulnerable boards, and 75 patched ones, only doing damage to 25%?

Dan

[Roberdin]

Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.

That would be true if there were either infinite hackers or one hacker with infinite time. As both cases are obviously false, then there are only a limited number of hackers each with limited time. They lose the ability to decide which boards to attack prior to launching their attack, which, as Dan said, would statistically reduce the number of successful break-ins.

[OddDuck]

As evident, one good hacker with a cleverly written worm is all it takes. Time is of no impact.

[JPortal]

Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.

Stop nitpicking. The developers didn't spend much time on this one. Seriously, it's understandable to wonder WHY they did it, but to attack them for it is very stupid and immature.

[olger901]

Who cares? perhaps it is just removed for now but will be implented back in later on when the final is released, this is CVS and you never know

[dagta]

If you want a version number to display, it would/will be very easy to add that text anywhere you like.

I could make my phpbb2.0.11 board claim to be phpbb3.1.77 if I liked.

[psoTFX]

sigh ... as I always say, we just cannot win. It's another "thing" which allows people to cause harm ... therefore putting 1 and 1 together suggests, particularly after this worm incident that eliminating it from public view makes, let's think about this for a second, sense ... that's the word.

Security through obscurity? oh please, get a grip ... you're suggesting we've done nothing else to improve security in 2.2 but remove the version number? Which CVS are you following prey tell.