> On 06.04.2017, at 11:12, Robert Sandell <[email protected]> wrote:
>
> https://en.wikipedia.org/wiki/Security_through_obscurity

Doing this can conceivably be part of a defense-in-depth strategy that tries to slow down a potential attacker by making information gathering as difficult as possible. That said, Jenkins has any number of characteristics that help identify the version besides the version in the footer (e.g. X-Jenkins headers, or checksums of accessible JS and CSS files which can be compared to those in the public Git repo), and is fairly well-known, so it shouldn't be difficult to write a tool to help identify at least an approximate version. So, doing anything like this properly would be lots of work, and wouldn't accomplish a lot. If you're this concerned about security, I recommend you set up reverse-proxy-based authentication and only allow access to any Jenkins URL (including otherwise unsecured ones) once a user has successfully authenticated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/D3404B55-755F-4934-B756-8C7A5D082141%40beckweb.net.
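
A sketch of the reverse-proxy authentication recommended in the message above, added here as an example and not taken from the thread or from the Jenkins project. The hostname, certificate and htpasswd paths, and the backend port are assumptions, and it presumes Jenkins is bound to loopback only (for instance with `--httpListenAddress=127.0.0.1`) so the proxy cannot be bypassed.

```nginx
# Added example: hostname, file paths and port below are placeholders.
server {
    listen 443 ssl;
    server_name jenkins.example.com;                  # placeholder hostname

    ssl_certificate     /etc/nginx/tls/jenkins.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/jenkins.key;   # placeholder path

    # Declared at server level so it covers every URL, including the
    # ones Jenkins itself serves without requiring a login.
    auth_basic           "Jenkins";
    auth_basic_user_file /etc/nginx/jenkins.htpasswd; # placeholder path

    location / {
        proxy_pass http://127.0.0.1:8080;             # assumed Jenkins port

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Do not pass the proxy's Basic credentials on to Jenkins, which
        # would otherwise try to treat them as a Jenkins login.
        proxy_set_header Authorization "";
    }
}
```

Because the `Authorization` header is cleared, clients that authenticate to Jenkins itself with HTTP Basic (such as scripts using API tokens) will not work through this virtual host as written.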
