PHP :: Bug #30892 :: expose_php *is* effectively a security threat

Bug #30892	expose_php is effectively a security threat
Submitted:	2004-11-25 06:21 UTC	Modified:	2004-11-25 23:05 UTC
From:	mark_php at stewards dot telinco dot co dot uk	Assigned:
Status:	Not a bug	Package:	PHP options/info functions
PHP Version:	5.0.2	OS:	Windows XP SP2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mark_php at stewards dot telinco dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[2004-11-25 06:21 UTC] mark_php at stewards dot telinco dot co dot uk

Description:
------------
A very minor issue - I think the wording could be more informative, given today's apathy for updating.  expose_php *can be* a security threat if the user doesn't keep PHP up-to-date.

Hiding it doesn't make a server more secure, but will protect from large-scale sweeps, and I've seen it used as an excuse not to update.  On the other hand, it stops the considerate people noticing (not really a factor for a sensible admin) and breaks web-software surveys.

I'd suggest changing it to something like "It is not a security threat on its own", and adding "Do not remove this to hide the fact that you don't update - join the PHP announcements list.".

Reproduce code:
---------------
;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = On

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-11-25 23:05 UTC] iliaa@php.net

not an issue.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Dec 05 16:00:02 2025 UTC