[wp-trac] [WordPress Trac] #12495: Don't include generator tags by default
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 5 07:11:33 UTC 2010
#12495: Don't include generator tags by default
--------------------------+-------------------------------------------------
Reporter: scribu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: General | Version:
Severity: normal | Keywords: has-patch
--------------------------+-------------------------------------------------
Comment(by dd32):
> Is there some other area the version number is displayed publicly?
No, just the generator tags.
That does not mean the exact revision cannot be inferred, as I said, by the
size of the various JS/CSS files, and the existence of certain files.
I have seen a few exploit scripts which checked for the existence of a
file before attempting an attack, and modifying it slightly for an earlier
version.
My point remains that to me, removing it doesn't make sense. It only
appears to make it more secure; it doesn't in fact do that at all. If
someone doesn't want that information publicly available in the page
source, they just need to remove the generator lines.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12495#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software