From: derick@php.net (Derick Rethans)
To: Peter Brodersen
Cc: internals@lists.php.net
Date: Thu, 10 Nov 2005 19:35:01 +0100 (CET)
Subject: Re: [PHP-DEV] Re: Expose php: on or off
List: php.internals

On Thu, 10 Nov 2005, Peter Brodersen wrote:

> Those targeting specific web sites might be able to figure out the
> approximate version otherwise. The major version of php could be
> determined in a couple of other ways, such as checking what animal
> (sorry Thies :-) is present, e.g.:
> http://www.php.net/cal.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
> and otherwise still try any kind of exploit if the version information
> is unavailable.

That special trick should be disabled when expose_php is set to off; did
you verify that?

> I don't think it would reduce the number of attacks turning the
> version information off. But it would be more cumbersome to help
> people with php issues as the php version is not directly available.

Right, that was my point too.

Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
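The check Derick asks for above, as an added example that is not part of the thread and not PHP project code: a small probe that tests the two things `expose_php` controls, the `X-Powered-By: PHP/x.y.z` response header and the easter-egg query strings (the PHP logo GUID quoted in the thread, plus the Zend logo and credits GUIDs of the same family, which PHP honoured up to 5.4; they were removed in 5.5). With `expose_php = Off` in php.ini both the header and the eggs disappear. The fetcher is injected so the demo runs offline against a constructed fake server; `urllib_fetch` is the real-network variant. The base URL, the fake version string and the sample bodies are assumptions made for the demo.

```python
"""Probe a PHP host for the version leaks that expose_php=Off should close.

Added example, not code from the php.internals thread or from PHP itself.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# Easter-egg query strings recognised by PHP < 5.5 when expose_php=On.
# Requesting "<any php page>?=<guid>" returns a logo GIF or the credits page.
EASTER_EGGS = {
    "php_logo": "PHPE9568F34-D428-11d2-A769-00AA001ACF42",  # quoted in the thread
    "zend_logo": "PHPE9568F35-D428-11d2-A769-00AA001ACF42",
    "credits": "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000",
}

# (status, headers, body) tuple; headers are compared case-insensitively.
Response = Tuple[int, Dict[str, str], bytes]
Fetcher = Callable[[str], Response]


def urllib_fetch(url: str) -> Response:
    """Real-network fetcher for use against a live host (not used in the demo)."""
    req = urllib.request.Request(url, headers={"User-Agent": "expose-php-probe"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers.items()), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), err.read()


def probe(base_url: str, fetch: Fetcher) -> Dict[str, object]:
    """Return what the host leaks: header version, which eggs respond, verdict."""
    findings: Dict[str, object] = {}

    status, headers, _ = fetch(base_url)
    lower = {k.lower(): v for k, v in headers.items()}
    m = re.search(r"PHP/(\d+(?:\.\d+){1,2})", lower.get("x-powered-by", ""))
    findings["x_powered_by"] = m.group(1) if m else None

    for name, guid in EASTER_EGGS.items():
        status, headers, body = fetch(f"{base_url}?={guid}")
        lower = {k.lower(): v for k, v in headers.items()}
        ctype = lower.get("content-type", "")
        if name == "credits":
            # The credits egg is an HTML page titled "PHP Credits".
            active = status == 200 and b"PHP Credits" in body
        else:
            # The logo eggs answer with an image (a GIF in the PHP 4/5 era).
            active = status == 200 and (ctype.startswith("image/") or body.startswith(b"GIF8"))
        findings[name] = active

    findings["expose_php_on"] = findings["x_powered_by"] is not None or any(
        findings[n] for n in EASTER_EGGS
    )
    return findings


def make_fake_server(expose_php: bool, version: str = "5.1.0") -> Fetcher:
    """Constructed stand-in for a PHP host, so the probe can run offline.

    With expose_php=True it behaves like PHP < 5.5 with the default setting;
    with False it behaves like a host configured with expose_php = Off.
    """
    def fetch(url: str) -> Response:
        html = {"Content-Type": "text/html"}
        if not expose_php:
            return 200, html, b"<html><body>hello</body></html>"
        html["X-Powered-By"] = f"PHP/{version}"
        guid = url.partition("?=")[2]
        if guid in (EASTER_EGGS["php_logo"], EASTER_EGGS["zend_logo"]):
            return 200, {"Content-Type": "image/gif", "X-Powered-By": f"PHP/{version}"}, b"GIF89a\x00"
        if guid == EASTER_EGGS["credits"]:
            return 200, html, b"<html><head><title>PHP Credits</title></head></html>"
        return 200, html, b"<html><body>hello</body></html>"
    return fetch


if __name__ == "__main__":
    # Assumed hostname for the demo; swap in urllib_fetch to probe a real host.
    for setting in (True, False):
        result = probe("http://www.example.test/cal.php", make_fake_server(setting))
        print(f"expose_php={'On' if setting else 'Off'} ->", result)
```

Against a live host, `probe("https://host/index.php", urllib_fetch)`; a `True` under `expose_php_on` means the php.ini still needs `expose_php = Off` (the header and the eggs are governed by that single directive, so a leftover `True` for any egg after setting it off points at a different PHP instance or a cache in front of it, not at a partial setting).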