[consulting] security of CHANGELOG.txt
Mark Shropshire
mdshrops at shropnet.net
Mon Sep 28 20:30:14 UTC 2009
I think it is good to remove it. You don't need with with Drupal
status pages telling you version info in the system. It just gives
hackers more info to narrow down the exploits needed to hack a site/
app. I have noticed that most of the large/well-known Drupal sites
have removed it.
On Sep 28, 2009, at 4:21 PM, Matt Chapman wrote:
> Do others consider it a security risk to leave CHANGELOG.txt web
> accessible; i.e., broadcasting what version of Drupal you're
> running, for those who know to look?
>
> -Matt
>
>
>
> _______________________________________________
> consulting mailing list
> consulting at drupal.org
> http://lists.drupal.org/mailman/listinfo/consulting
More information about the consulting
mailing list