|
|
Posted by unwiredbrain@gmail.com on 10/23/42 11:56
Jerry Stuckle wrote:
> And security by obscurity is worse than no security at all - you think
> you have security but you don't.
> If your site is secure, it doesn't matter what technology you use. And
> if it's not secure, it doesn't matter how hard you try to obscure that fact.
Yes, you're right. Of course there must be a robust and secure engine
behind, but...
Thanks to the hard work of php developers and sustainers, bugs in php
are found and solved quite daily; then, revealing the php technology
could be seriously dangerous if an attacker tries to deep scan (with
nmap, and similar tools) your host, allowing him to easily find which
php version the server is running and which attacks to use! Even if you
made a very robust and secure site...
IMHO, no one (except php.net, of course ;P) should reveal the
technology behind; moreover, you should do everything you can not to
allow anyone to guess which technology you're using.
Peace
--
unwiredbrain
Navigation:
[Reply to this message]
|