If we are already at it, is there any easy way to serve tg_widgets as static apache files?
On Jul 16, 2:27 pm, Jorge Godoy <[EMAIL PROTECTED]> wrote: > On Monday 16 July 2007 05:16:45 Daniel Fetchinson wrote: > > > > > Okay, calling it "public API" is maybe not the right term, but it > > surely reveals the fact that the web application is implemented in tg. > > What is good to me. As good as the server saying that it is Apache, Nginx, > LigHTTPd... There was a time when people were concerned with that because of > security issues, then they started learning that security through obscurity > isn't good and this kind of concern has diminished... > > What is your concern on people knowing that you used TurboGears? You *are* > using it. > > > That is true, I mean the rewriting of URLs is a good idea. > > And an easy one to implement. Without changes required to TG... > > > It's just the fact that if a potential attacker knows implementation > > details he/she has a much simpler task. > > It is much faster for him to get his "kit" and try all tools then check what > is in the server, what version, choose the tools, etc. > > This is one of the reasons why people don't care much about the identification > of the software they run. Besides that, if he doesn't succeed with the > specific set, he'll probably try all other tools. As I said, security > through obscurity isn't a good politics. > > > Haven't yet, thought that I'd ask around here first, but I surely will > > now :) Will post anything useful I find. > > Sure! We'll be waiting for your input. > > -- > Jorge Godoy <[EMAIL PROTECTED]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
