Login-Screen

phpwcms is released under GPL. Use this forum to discuss the GPL or inform about possible offences against phpwcms' copyrights.
Post Reply
rowitech
Posts: 13
Joined: Sat 14. Aug 2004, 13:23

Login-Screen

Post by rowitech »

Hi,

I found it useful to create a link to my loginscreen of phpwcms. But even if I didn't it may be a security hole letting the unregistered user see which version I did install. So please tell me what is the goal of letting the just-surfed-in user see exactly which version I have?

I would like to switch off every content in the login screen except of the login itself an the phpwcms notice. I really don't like the surfed-in-user to show which person is currently logged in, it won't make sense.

What do you think about it?

My Version is 1.1-RC4 22-06-2004

Rolf
evan
Posts: 31
Joined: Sun 28. Mar 2004, 22:57

Re: Login-Screen

Post by evan »

rowitech wrote:Hi,

I found it useful to create a link to my loginscreen of phpwcms. But even if I didn't it may be a security hole letting the unregistered user see which version I did install. So please tell me what is the goal of letting the just-surfed-in user see exactly which version I have?
That's a non-issue, since the version of phpwcms is put in the HTML source of every page anyway. Since there are no known security holes in the newest version of phpwcms, who cares if someone knows what version you're using? Even if it didn't display what version you used, you'd still be vulnerable to attacks, if any existed.
I really don't like the surfed-in-user to show which person is currently logged in, it won't make sense.
What doesn't make sense is that you're so worried about this.

Just don't link to login.php on your home page. Or if you're really that paranoid, use a .htaccess to password protect login.php at the server level.
Post Reply