This page requires java-script to be enabled. Please adjust your browser-settings.
streber
PM
Login
|
Register
guest
Home
Your Tasks
Bookmarks
Efforts
Overall history
P
rojects
streber
People
Companies
S
earch:
streber
>
Tasks
|
Docu
|
Milestones
|
Versions
|
Files
|
History
Help
login & rights
>
login page sho...
> Comment
Confirmed...
/
#2163
Edit
Bookmark
Delete
I really like this discussion, as it shows that I am not the only person interessted in security hardining.
I would suggest the following procedure:
never show version on..
anonymous pages (includes login, loginSubmit, error)
or if
!isset($auth->cur_user->id)
add option
SHOW_VERSION
with default true
Of course the "guest/guest"-login hint at streber.pixtur.de is additional. I want to leave it because streber is driven by a comunity which is open for everybody. In the long term I even want to go a step further and allow anonymouse browsing public content.
I really would like to let streber be tested by some security hackers and script kiddies. Maybe there is some site at the internet that announces such competitions...
tom