Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Virtuality wrote: Just curious... I can't see any obvious reason for that right now, but I'm sure you have one. I just want to know the reason.
Update of /cvsroot/phpbb/phpBB2/includes
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20102/includes
Modified Files:
functions.php
Log Message:
Remove version information from display
It enables people running out-of-date installations to be easily tracked down through Google when it is present - When the number is not shown, it does not allow an attacker to see if a particular forum is vulnerable to certain exploits easily.
CLee wrote: Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
You would rather they attacked 100 vulnerable boards & successfully defaced them, as opposed to attacking 25 vulnerable boards, and 75 patched ones, only doing damage to 25%?
CLee wrote: Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
That would be true if there were either infinite hackers or one hacker with infinite time. As both cases are obviously false, then there are only a limited number of hackers each with limited time. They lose the ability to decide which boards to attack prior to launching their attack, which, as Dan said, would statistically reduce the number of successful break-ins.
CLee wrote: Then all phpBB boards will be targeted regardless of what version they are. Security through obscurity is no security at all.
Stop nitpicking. The developers didn't spend much time on this one. Seriously, it's understandable to wonder WHY they did it, but to attack them for it is very stupid and immature.
sigh ... as I always say, we just cannot win. It's another "thing" which allows people to cause harm ... therefore putting 1 and 1 together suggests, particularly after this worm incident that eliminating it from public view makes, let's think about this for a second, sense ... that's the word.
Security through obscurity? oh please, get a grip ... you're suggesting we've done nothing else to improve security in 2.2 but remove the version number? Which CVS are you following, pray tell?