Hi,
I found it useful to create a link to my loginscreen of phpwcms. But even if I didn't it may be a security hole letting the unregistered user see which version I did install. So please tell me what is the goal of letting the just-surfed-in user see exactly which version I have?
I would like to switch off every content in the login screen except of the login itself an the phpwcms notice. I really don't like the surfed-in-user to show which person is currently logged in, it won't make sense.
What do you think about it?
My Version is 1.1-RC4 22-06-2004
Rolf
Login-Screen
Re: Login-Screen
That's a non-issue, since the version of phpwcms is put in the HTML source of every page anyway. Since there are no known security holes in the newest version of phpwcms, who cares if someone knows what version you're using? Even if it didn't display what version you used, you'd still be vulnerable to attacks, if any existed.rowitech wrote:Hi,
I found it useful to create a link to my loginscreen of phpwcms. But even if I didn't it may be a security hole letting the unregistered user see which version I did install. So please tell me what is the goal of letting the just-surfed-in user see exactly which version I have?
What doesn't make sense is that you're so worried about this.I really don't like the surfed-in-user to show which person is currently logged in, it won't make sense.
Just don't link to login.php on your home page. Or if you're really that paranoid, use a .htaccess to password protect login.php at the server level.