ID: 30892 Updated by: [EMAIL PROTECTED] Reported By: mark_php at stewards dot telinco dot co dot uk -Status: Open +Status: Bogus Bug Type: PHP options/info functions Operating System: Windows XP SP2 PHP Version: 5.0.2 New Comment:
not an issue. Previous Comments: ------------------------------------------------------------------------ [2004-11-25 06:21:41] mark_php at stewards dot telinco dot co dot uk Description: ------------ A very minor issue - I think the wording could be more informative, given today's apathy for updating. expose_php *can be* a security threat if the user doesn't keep PHP up-to-date. Hiding it doesn't make a server more secure, but will protect from large-scale sweeps, and I've seen it used as an excuse not to update. On the other hand, it stops the considerate people noticing (not really a factor for a sensible admin) and breaks web-software surveys. I'd suggest changing it to something like "It is not a security threat on its own", and adding "Do not remove this to hide the fact that you don't update - join the PHP announcements list.". Reproduce code: --------------- ; ; Misc ; ; Decides whether PHP may expose the fact that it is installed on the server ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. expose_php = On ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30892&edit=1
