At 13:35 -0500 3/24/03, Adam Nelson wrote:
>I would be wary of disabling version(). That's the kind of annoying
>thing that sys admins do when they don't understand the life of a
>developer. Some programs and modules require the version() function to
>work. Security to that extreme is only useful if you understand that it
>may cause more downtime than a break-in. If that is understood and the
>time/money spent is worth it, then that is fine.
>
>I can only see this kind of security necessary for medical or classified
>information.
I agree that it's a bad idea to disable VERSION(). There are many features
that are version-specific, and an application can tell whether or not
they are available by checking the version number.
>
>
>
>> -----Original Message-----
>> From: Joseph Bueno [mailto:joseph.bueno@stripped]
>> Sent: Monday, March 24, 2003 11:39 AM
>> To: Florian Effenberger
>> Cc: mysql@stripped
>> Subject: Re: disabling version number
>>
>>
>> Florian Effenberger wrote:
>> >>No, why?
>> >
>> >
>> > Part of my security concept, I generally disable all version numbers.
>> >
>> >
>> You can patch mysql source and recompile ;)
>>
>> However, if someone has enough access rights on your system to run
>> "select version();", showing mysql version number should be the least
>> important of your problems.
>>
>> Regards,
>> Joseph Bueno