#427 phppgadmin is providing version info

Security (8)

Hi, I think its security bug to provide php version info and phppgadmin to anonymous user. So please change line 20 from intro.php to:

<h1><?php echo "$appName ?></h1>


  • Robert Treat

    Robert Treat - 2012-11-28

    I understand your concern, and it seems legit, but the information can be useful for us (which is why we added it iirc). I was thinking maybe we would just alter it so that if you have the "extra login security" flag true (the default) we would hide it, but if not, we would display it. thoughts?

  • Robert Treat

    Robert Treat - 2012-11-28
    • milestone: --> GIT
    • assigned_to: chriskl --> xzilla
    • summary: Pgadmin is providing versino info --> phppgadmin is providing version info
  • Gandalf

    Gandalf - 2012-11-28

    If the default will be not displaying version information, I am fine with it.

  • J.Guillaume (ioguix) de Rorthais

    "extra login security" is for ... login security (why should we keep that btw ?).

    IMHO, if this is really an issue, we should just remove the PHP version and explain people how to get their PHP version when needed.

  • Mitar

    Mitar - 2014-07-03

    I agree that version should not be displayed.


Log in to post a comment.