I have read about this in Apress (Apress Beginning PHP and MySQL From Novice to Professional), Chapter 21 (Securing Your Web Site).
Put simply, you won't need this information if you are working on shared hosting or locally on your own machine, but if you run your own servers, you would want to disable expose_php.
Each scrap of information that a potential attacker can gather about a web server increases the chances that he will successfully compromise it. One simple way to obtain key information about server characteristics is via the server signature.
For example, Apache will broadcast the following information within each response header by default:
Apache/2.2.0 (Unix) PHP/5.3.0 PHP/5.3.0-dev Server at www.example.com Port 80
Disabling expose_php prevents the web server signature (if enabled) from broadcasting the fact that PHP is installed. Although you need to take other steps to ensure sufficient server protection, obscuring server properties such as this one is nonetheless heartily recommended.
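As an added example (not from the book or the original post), this Python check looks for the PHP disclosure described above in a response header block and reads the effective expose_php value from php.ini text. The sample headers, the function names and the php.ini snippets are constructed for illustration.

```python
import re

# Constructed sample response headers (not captured from a real server).
SAMPLE_EXPOSED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.0 (Unix) PHP/5.3.0\r\n"
    "X-Powered-By: PHP/5.3.0\r\n"
    "Content-Type: text/html\r\n\r\n"
)
SAMPLE_HIDDEN = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.0 (Unix)\r\n"
    "Content-Type: text/html\r\n\r\n"
)

PHP_TOKEN = re.compile(r"\bPHP\b", re.IGNORECASE)

def php_disclosures(raw_headers):
    """Return (header, value) pairs that reveal PHP in a raw header block."""
    findings = []
    for line in raw_headers.split("\r\n")[1:]:    # skip the status line
        if not line:
            break                                  # blank line ends the headers
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        # With expose_php on, PHP can appear in Server and in X-Powered-By.
        if name.lower() in ("server", "x-powered-by") and PHP_TOKEN.search(value):
            findings.append((name, value))
    return findings

def expose_php_enabled(ini_text):
    """Effective expose_php from php.ini text; PHP's default is On."""
    enabled = True
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()       # drop ; comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "expose_php":
            # A later assignment overrides an earlier one.
            enabled = value.strip().strip('"').lower() in ("1", "on", "true", "yes")
    return enabled

if __name__ == "__main__":
    for label, sample in (("exposed", SAMPLE_EXPOSED), ("hidden", SAMPLE_HIDDEN)):
        print(label, php_disclosures(sample))
    print("expose_php enabled:", expose_php_enabled("expose_php = Off\n"))
```

Setting expose_php = Off in php.ini and restarting the web server should make the first sample look like the second; a commented-out line leaves the default (On) in effect.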