#1068 (ok 2.11.8)Option for disabling version string on login page

Next_release
fixed
1
2013-06-11
2007-11-22
Stefan Hoth
No

Hello,

due to rising amount of security patches (which I strongly support and be thankful for) I looked for a possibility to hide the version string of my current installation till I have got the time to upgrade. This way bots searching for vulnarable site would have it a lot harder to get the version string.

I didn't find a way to do it just for the login site (I use cookie auth) without editing the core files (main.php or index.php, I guess).

That's why I helped myself with editing the config.inc.php with the line: DEFINE('PMA_VERSION',''); which rewrites the version string applicationwide.

Since I rather want to disable the string just on the login page (authenticated users should be able to see the version) I hereby file a feature request.

Thank you,

Stefan

Discussion

  • Marc Delisle

    Marc Delisle - 2008-07-19
    • priority: 5 --> 1
    • assigned_to: nobody --> lem9
    • summary: Option for disabling version string on login page --> (ok 2.11.8)Option for disabling version string on login page
    • status: open --> open-accepted
     
  • Michael Braun

    Michael Braun - 2008-08-14

    Logged In: YES
    user_id=1232681
    Originator: NO

    according to the release notes, this has been done for 2.11.8.0.
    Nevertheless, one can easily check for RELEASE-DATE-* oder ChangeLog usually being
    placed in the phpmyadmin dir.
    I'm proposing to ship an .htaccess file with rejects HTTP access to
    Documentation.*, ChangeLog, changelog.php, README, translators.*, LICENSE, test, CREDITS, RELEASE*, scripts, readme.php ,
    which can easily be used to detect your version.

     
  • Marc Delisle

    Marc Delisle - 2008-08-14

    Logged In: YES
    user_id=210714
    Originator: NO

    I guess that which this .htaccess, a legit used could no longer access these files via http?

     
  • Michal Čihař

    Michal Čihař - 2008-09-03
    • status: open-accepted --> closed-accepted
     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-accepted --> fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks