#2691: Trac shouldn't announce version number
--------------------------+-------------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jonas
Type: defect | Status: new
Priority: high | Milestone:
Component: general | Version: 0.9.3
Severity: major | Resolution:
Keywords: security |
--------------------------+-------------------------------------------------
Comment (by mgood):
Well, this sort of falls into
[http://en.wikipedia.org/wiki/Security_through_obscurity security through
obscurity]. If the version number is not displayed an attacker will find
another way to distinguish the versions, or simply try all the sites.
Keeping the version number visible would allow users of a Trac site to
encourage the admins to upgrade it if they notice it's running an old
version.
I suppose it doesn't hurt to have an option to disable display the
version, but if this is done the version should be added to the
"About/Configuration" page so that admins could still find the version
even if it's not accesible on the other pages.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2691>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
