Doesn't seem like a big deal to me.. even _without_ the phpinfo() function
i could probably tell you with about 80% accuracy what directories stuff on
any given server is installed in, since most people use the defaults
anyway. And any technical mailing list such as this one would tell you
exactly this information (and a lot more) about any of the thousands of
people who post to the list.
So what use is this information from a security threat standpoint? While
knowing an exact server version might conceivably help a hacker know what
explots to try (or not try), one should hardly consider that the _lack_ of
published info about their server is any sort of security.
Jamie
At 10:59 PM 10/23/00, R. DuFresne wrote:
>I am not sure if this is an issue that is seems bad for
>a servers security to most people, but to me it is a
>really bad looking problem. The phpinfo() function
>available from PHP versions gives out a _LOT_ of server
>information, directories things are installed in, versions
>etc.
>
>Anyone who is not familiar with this page and the contents
>can look below for examples in the search results I did
>or do a search themselves and see.
>
>This page is also super easy to find through a
>search engine, like the ASP/PHP page error problem reported
>in the past. I did a lookup in Google for the following...
>
>phpinfo() PHP Credits Version
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
