On Monday 16 July 2007 05:16:45 Daniel Fetchinson wrote:
>
> Okay, calling it "public API" is maybe not the right term, but it
> surely reveals the fact that the web application is implemented in tg.

Which is good to me.  As good as the server saying that it is Apache, Nginx, 
LigHTTPd...  There was a time when people were concerned with that because of 
security issues, then they started learning that security through obscurity 
isn't good and this kind of concern has diminished... 

What is your concern about people knowing that you used TurboGears?  You *are* 
using it. 

> That is true, I mean the rewriting of URLs is a good idea.

And an easy one to implement.  Without changes required to TG...

> It's just the fact that if a potential attacker knows implementation
> details he/she has a much simpler task.

It is much faster for him to get his "kit" and try all tools than to check what 
is in the server, what version, choose the tools, etc.

This is one of the reasons why people don't care much about the identification 
of the software they run.  Besides that, if he doesn't succeed with the 
specific set, he'll probably try all other tools.  As I said, security 
through obscurity isn't a good policy.

> Haven't yet, thought that I'd ask around here first, but I surely will
> now :) Will post anything useful I find.

Sure!  We'll be waiting for your input.


-- 
Jorge Godoy      <[EMAIL PROTECTED]>

