Hi, I think its security bug to provide php version info and phppgadmin to anonymous user. So please change line 20 from intro.php to:
<h1><?php echo "$appName ?></h1>
I understand your concern, and it seems legit, but the information can be useful for us (which is why we added it iirc). I was thinking maybe we would just alter it so that if you have the "extra login security" flag true (the default) we would hide it, but if not, we would display it. thoughts?
If the default will be not displaying version information, I am fine with it.
"extra login security" is for ... login security (why should we keep that btw ?).
IMHO, if this is really an issue, we should just remove the PHP version and explain people how to get their PHP version when needed.
I agree that version should not be displayed.
Log in to post a comment.