-
2010-02-02
casper
Hello,
please add a feature that allows the user to disable DokuWiki's version advertisements in the HTML code.
Hint: To avoid advertisements I had to edit line 262 at ./inc/template.php
Also the README and VERSION file should be protected against web access by default in the .htaccess file via:
<FilesMatch "^(README|VERSION)$">
Order Deny,Allow
Deny from all
</FilesMatch>
These are all version leaks I am aware of.
Casper
-
2010-02-02
casper
The reason why the version should be hidden is the following:
If there is a security issue with a dokuwiki version, it's very easy for an attacker (ScriptKiddie) to find some vulnerable installations on the internet via search engines to abuse them.
-
2010-02-02
chi
You can use the metaheaders plugin to hide the version information. Setting up .htaccess for README/VERSION etc. is completely up to the webserver admin, I think.
-
2010-02-02
casper
I am still of the opinion that hiding the version should be a default setting, instead of relying on an optional plugin the average user won't use. But thanks for the hint with the plugin ;-)
Regarding .htaccess: I fully agree that this can be done by the server/dokuwiki admin. Like above I recommend to add it to .htaccess.dist as default.
-
2010-06-26
foosel
Implemented in git. Version string is now removed from metadata and only shown in do=check to admins and managers. README, VERSION and COPYING are also restricted in .htaccess.dist
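
Added example, not part of the thread and not DokuWiki's actual .htaccess.dist: the FilesMatch rule from the first post uses Apache 2.2 access-control syntax, which Apache 2.4 only accepts when mod_access_compat is loaded. The sketch below covers both server generations and adds COPYING, as mentioned in the last comment; the IfModule split is an assumption about how an admin might deploy it.

```apache
# Added example: deny web access to the files that reveal the installed
# DokuWiki release, on both Apache 2.4 and Apache 2.2.
<FilesMatch "^(README|VERSION|COPYING)$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later: native authorization directive
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 and earlier: the syntax quoted in the original request
        Order Deny,Allow
        Deny from all
    </IfModule>
</FilesMatch>
```

The rule only takes effect in .htaccess if AllowOverride permits it for the directory (AuthConfig for Require, Limit for Order/Deny). A request for /VERSION should then return 403 instead of the release string.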