Hello,
On Monday 13 September 2010 01:22:06, Kai Gazmaga wrote:
> If someone wants to attack an oxid-shop, the
> offender can see exactly, which fixes are in the shop and analyze how to
> attack best.

A normal attack will be done by scripts which test *every known exploit* of every version. Security by obscurity is not a solution. If someone looks for new specific exploits, he tries first on a local installation.

- Of course, here it's a little dangerous that the version number is in the copyright notice in the HTML source of the frontend.

> <!-- OXID eShop Community Edition, Version 4.4.2, Shopping Cart System (c) OXID eSales AG 2003 - 2010 - http://www.oxid-esales.com -->

But the oxchkversion should be deleted after update.

> Would it not be better to integrate this function into the
> backend, or even secure it by requesting an admin-password.

Yes, this will be nicer... possible with a sync to an SSL OXID server.... and a list of all changes by status (feature, security, etc.) in the admin will be nice, too.

Regards,
Markus
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
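The two points raised in the message above (the version banner in the frontend HTML and the version checker left in place after an update) can be checked on your own installation after each update. The following is an added example, not part of the original message and not OXID code; the `oxchkversion` file-name prefix, the function names and the temporary sample docroot are assumptions made for illustration.

```python
import os
import re
import tempfile

# Banner format as quoted in the message above.
BANNER_RE = re.compile(
    r"<!--\s*OXID eShop (?P<edition>[\w ]+? Edition),\s*Version\s+"
    r"(?P<version>\d+(?:\.\d+)+)",
    re.IGNORECASE,
)

def find_version_banner(html):
    """Return (edition, version) if the page source discloses them, else None."""
    m = BANNER_RE.search(html)
    return (m.group("edition"), m.group("version")) if m else None

def find_leftover_checker(docroot, prefix="oxchkversion"):
    """Return relative paths of files whose name starts with `prefix`.
    Assumption: the message only names the tool 'oxchkversion', not its file."""
    hits = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower().startswith(prefix):
                hits.append(os.path.relpath(os.path.join(base, name), docroot))
    return sorted(hits)

def audit(docroot, rendered_html):
    """Collect both findings for one shop: banner disclosure and leftover checker."""
    findings = []
    banner = find_version_banner(rendered_html)
    if banner:
        findings.append("version disclosed in HTML comment: %s %s" % banner)
    for path in find_leftover_checker(docroot):
        findings.append("version checker still deployed: %s" % path)
    return findings

def demo():
    # Constructed sample: the banner from the message plus a temporary docroot
    # containing a leftover checker script (file name is hypothetical).
    html = ("<html><!-- OXID eShop Community Edition, Version 4.4.2, Shopping "
            "Cart System (c) OXID eSales AG 2003 - 2010 - "
            "http://www.oxid-esales.com --><body></body></html>")
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "index.php"), "w").close()
        open(os.path.join(root, "oxchkversion.php"), "w").close()
        return audit(root, html)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```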
