Just curious... I can't see any obvious reason for that right now, but I'm sure you have one. I just want to know the reason.
Update of /cvsroot/phpbb/phpBB2/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20102/includes
Modified Files:
functions.php
Log Message:
Remove version information from display
Why was the version number removed?
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
-
- Registered User
- Posts: 197
- Joined: Sat Apr 19, 2003 6:35 pm
- Location: Sweden
- Contact:
Why was the version number removed?
"phpBB3 is never late. Nor is it early. It arrives precisely when it means to."
Re: Why was the version number removed?
It enables people running out of date installations to be easily tracked down through google when it is present - When the number is not shown, it does not allow an attacker to see if a paticular forum is vulnerable to certain exploits easily.Virtuality wrote:Just curious... I can't see any obvious reason for that right now, but I'm sure you have one. I just want to know the reason.
Update of /cvsroot/phpbb/phpBB2/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20102/includes
Modified Files:
functions.php
Log Message:
Remove version information from display
Dan
Re: Why was the version number removed?
Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
Carlos Myers
Member - Star Wars Roleplaying Club
Member - Star Wars Roleplaying Club
Re: Why was the version number removed?
You would rather they attacked 100 vulnerable boards & sucessfully defaced them, as opposed to attacking 25 vulnerable boards, and 75 patched ones, only doing damage to 25%?CLee wrote:Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
Dan
-
- Registered User
- Posts: 1546
- Joined: Wed Apr 09, 2003 8:44 pm
- Location: London, United Kingdom
Re: Why was the version number removed?
That would be true if there were either infinite hackers or one hacker with infinite time. As both cases are obviously false, then there are only a limited number of hackers each with limited time. They lose the ability to decide which boards to attack prior to launching their attack, which, as Dan said, would statistically reduce the number of successful break-ins.CLee wrote:Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
Rob
Re: Why was the version number removed?
As evident, one good hacker with a cleverly written worm is all it takes. Time is of no impact.
phpBB phpBB phpBB phpBB
Re: Why was the version number removed?
CLee wrote:Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
Stop nitpicking. The developers didn't spend much time on this one. Seriously, it's understandable to wonder WHY they did it, but to attack them for it is very stupid and immature.
Re: Why was the version number removed?
Who cares? perhaps it is just removed for now but will be implented back in later on when the final is released, this is CVS and you never know
-
Re: Why was the version number removed?
If you want a version number to display, it would/will be very easy to add that text anywhere you like.
I could make my phpbb2.0.11 board claim to be phpbb3.1.77 if I liked.
I could make my phpbb2.0.11 board claim to be phpbb3.1.77 if I liked.
Re: Why was the version number removed?
sigh ... as I always say, we just cannot win. It's another "thing" which allows people to cause harm ... therefore putting 1 and 1 together suggests, particularly after this worm incident that eliminating it from public view makes, let's think about this for a second, sense ... that's the word.
Security through obscurity? oh please, get a grip ... you're suggesting we've done nothing else to improve security in 2.2 but remove the version number? Which CVS are you following prey tell.
Security through obscurity? oh please, get a grip ... you're suggesting we've done nothing else to improve security in 2.2 but remove the version number? Which CVS are you following prey tell.