El Mon, 13-02-2006 a las 16:02 +0000, Alvaro Lopez Ortega escribió: > Well, first of all, we have to think of these points: > > - Where to hide it? It shouldn't impact the performance. > - May it be a security issue for someone? > > If we can reply those question, I guess it's a funny idea.
Yeap, that's something very important to think about. In the case of PHP you can disable the eastern eggs by editing your php.ini to have expose_php = Off. Of course, not everybody is aware of that so yes, eastern eggs for sure easily reveal the software you're using and that could be fore sure a security breach. This bitmaps (you actually get to to store a GIF or PNG-encoded stream of bytes as part of your executable) of course take some space to store and if it is just one image of, say, 11KB inside the web server main executable it's 11KB extra fat in the memory image of a program that be want to be agile and slim enough as to outperform any other contendor on any hardware, so perhaps not a good idea anyway. So if we do it at any point I guess the hidden stream of bytes could be stored very discretely inside some of the other Cherokee exe's like cherokee-config or cherokee_logrotate that are only called on demand in the command line rarely. Would it be possible? Of course the web server when hit on the secret URL would have to look for this file and read the image stream out of it or show nothing at all if the party is ruined by the absense of its complice if the other exe has not been installed or has been moved, or deleted. Just exploring a funny idea quite possibly in the wrong moment since there are N more important things to focus on, but, hey! wouldn't it be fun ;) Antonio _______________________________________________ Cherokee mailing list [email protected] http://www.alobbs.com/cgi-bin/mailman/listinfo/cherokee
