#427 phppgadmin is providing version info

GIT
open
Security (8)
5
2014-07-03
2012-11-23
Gandalf
No

Hi, I think its security bug to provide php version info and phppgadmin to anonymous user. So please change line 20 from intro.php to:

<h1><?php echo "$appName ?></h1>

Discussion

  • Robert Treat

    Robert Treat - 2012-11-28

    I understand your concern, and it seems legit, but the information can be useful for us (which is why we added it iirc). I was thinking maybe we would just alter it so that if you have the "extra login security" flag true (the default) we would hide it, but if not, we would display it. thoughts?

     
  • Robert Treat

    Robert Treat - 2012-11-28
    • milestone: --> GIT
    • assigned_to: chriskl --> xzilla
    • summary: Pgadmin is providing versino info --> phppgadmin is providing version info
     
  • Gandalf

    Gandalf - 2012-11-28

    If the default will be not displaying version information, I am fine with it.

     
  • J.Guillaume (ioguix) de Rorthais

    Mh,
    "extra login security" is for ... login security (why should we keep that btw ?).

    IMHO, if this is really an issue, we should just remove the PHP version and explain people how to get their PHP version when needed.

     
  • Mitar

    Mitar - 2014-07-03

    I agree that version should not be displayed.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks