#427 phppgadmin is providing version info

GIT
open
Robert Treat
Security (8)
5
2014-07-03
2012-11-23
Gandalf
No

Hi, I think its security bug to provide php version info and phppgadmin to anonymous user. So please change line 20 from intro.php to:

<h1><?php echo "$appName ?></h1>

Discussion

  • Robert Treat
    Robert Treat
    2012-11-28

    I understand your concern, and it seems legit, but the information can be useful for us (which is why we added it iirc). I was thinking maybe we would just alter it so that if you have the "extra login security" flag true (the default) we would hide it, but if not, we would display it. thoughts?

     
  • Robert Treat
    Robert Treat
    2012-11-28

    • milestone: --> GIT
    • assigned_to: chriskl --> xzilla
    • summary: Pgadmin is providing versino info --> phppgadmin is providing version info
     
  • Gandalf
    Gandalf
    2012-11-28

    If the default will be not displaying version information, I am fine with it.

     
  • Mh,
    "extra login security" is for ... login security (why should we keep that btw ?).

    IMHO, if this is really an issue, we should just remove the PHP version and explain people how to get their PHP version when needed.

     
  • Mitar
    Mitar
    2014-07-03

    I agree that version should not be displayed.