List: General Discussion
From: Paul DuBois
Date: March 24 2003 7:28pm
Subject: RE: disabling version number

At 13:35 -0500 3/24/03, Adam Nelson wrote:
>I would be wary of disabling version().  That's the kind of annoying
>thing that sys admins do when they don't understand the life of a
>developer.  Some programs and modules require the version() function to
>work.  Security to that extreme is only useful if you understand that it
>may cause more downtime than a break-in.  If that is understood and the
>time/money spent is worth it, then that is fine.
>
>I can only see this kind of security necessary for medical or classified
>information.

I agree that it's a bad idea to disable VERSION().  There are many features
that are version-specific, and an application can tell whether or not
they are available by checking the version number.

>
>
>
>>  -----Original Message-----
>>  From: Joseph Bueno [mailto:joseph.bueno@stripped]
>>  Sent: Monday, March 24, 2003 11:39 AM
>>  To: Florian Effenberger
>>  Cc: mysql@stripped
>>  Subject: Re: disabling version number
>>
>>
>>  Florian Effenberger wrote:
>>  >>No, why?
>>  >
>>  >
>>  > Part of my security concept, I generally disable all version numbers.
>>  >
>>  >
>>  You can patch mysql source and recompile ;)
>>
>>  However, if someone has enough access rights on your system to run
>>  "select version();", showing mysql version number should be the least
>>  important of your problems.
>>
>>  Regards,
>>  Joseph Bueno
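
The version check discussed in this message, as an added example that is not part of the original post: a client parses the string returned by `SELECT VERSION()` and gates features on it, falling back to the oldest-compatible SQL when the version is hidden or unparseable. The function names, the `customers`/`orders` tables, and the sample version strings are assumptions made for illustration.

```python
import re

# Leading "major.minor.patch" of a VERSION() string; suffixes such as
# "-log" or "-alpha" are build details and are ignored for comparison.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")

# Minimum server version for each feature the application would like to use.
FEATURE_MIN_VERSION = {
    "union": (4, 0, 0),
    "subqueries": (4, 1, 0),
    "stored_procedures": (5, 0, 0),
}

def parse_version(raw):
    """Return (major, minor, patch), or None if the value is missing or unparseable."""
    if not raw:
        return None
    m = _VERSION_RE.match(raw)
    return tuple(int(g) for g in m.groups()) if m else None

def available_features(raw):
    """Features the client may rely on for a server reporting `raw`.
    An unknown version yields the empty set: nothing can be assumed present."""
    version = parse_version(raw)
    if version is None:
        return set()
    return {name for name, minimum in FEATURE_MIN_VERSION.items()
            if version >= minimum}

def orphan_customers_sql(raw):
    """SQL for 'customers with no orders' (hypothetical tables), chosen by version.
    Both forms return the same rows; the join form needs no subquery support."""
    if "subqueries" in available_features(raw):
        return ("SELECT c.id FROM customers c WHERE NOT EXISTS "
                "(SELECT 1 FROM orders o WHERE o.customer_id = c.id)")
    return ("SELECT c.id FROM customers c LEFT JOIN orders o "
            "ON o.customer_id = c.id WHERE o.customer_id IS NULL")

if __name__ == "__main__":
    # Constructed sample values; None and "hidden" model a suppressed VERSION().
    for raw in ("3.23.55", "4.0.12-log", "4.1.7-standard", "5.0.1-alpha", None, "hidden"):
        print(repr(raw), sorted(available_features(raw)))
```

With the version suppressed, the client still works but is held to the lowest common denominator of SQL, which is the cost the replies in this thread point to.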
