** Changed in: php5 (Debian)
Status: Won't Fix = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1002443
Title:
php5-fpm exposes full ubuntu package version in
I think that full version number is important and we will gain no extra
security by hiding it by default, just more pain when debugging. You
always have an option to disable the headers yourself, if you think it
will gain you any extra security.
** Bug watch added: Debian Bug tracker #582204
** Changed in: php5 (Debian)
Status: Unknown = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1002443
Title:
php5-fpm exposes full ubuntu package version in headers
Security by obscurity doesn't actually work. Hiding the version number
will not affect whether your system is secure or not, and it's quite
likely that an attacker would simply run his script regardless of the
version number displayed on your website.
If this is important in your environment,
@Marc: I tried to explain the security by obscurity flaw ;) and that one
should just focus on a hardened install and not so much about exposed
version info in their header.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in
@bkerensa, thanks for the constructive contribution to the
conversation... i discussed this with a couple folks in #ubuntu-server
and one of the Ubuntu php maintainers, and filed this with their
feedback.
@all, i'm well aware that security by obscurity is no solution, but as
noted by Francois in
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1002443
Title:
php5-fpm exposes full ubuntu package version in headers
To manage notifications about this bug go to:
