List: General Discussion
From: Johnny Withers
Date: January 10 2012 1:00pm
Subject: Re: hide server-version at connect?

Security through obscurity?

If none of your MySQL (or samba) servers are open to untrusted
networks, why do you need to hide this information?

Sent from my iPad

On Jan 10, 2012, at 6:35 AM, Reindl Harald <h.reindl@stripped> wrote:

>
>
> On 10.01.2012 13:29, Johan De Meersman wrote:
>> ----- Original Message -----
>>> From: "Reindl Harald" <h.reindl@stripped>
>>>
>>> sure? what's the binary between version and "mysql_native_password"?
>>
>> No idea, I never bothered to look at the raw protocol :-)
>
> me too :-)
>
>>> mysql 5.5 would be enough i guess, but how to create a patch for
>>> rpmbuild which must not be permanently changed for every mysql update
>>
>> I wouldn't think that bit of the code changes a lot between versions
>
> i will look
>
>> really. Still, do you really think exposing that is such a risk?
>> Do you have servers exposed to the net?
>
> currently i am scanning all servers from an OpenVAS-Appliance and
> my primary target is to get away all information disclosures
>
> samba is the next in the list blowing out even build-number *grr*
>
> all or nothing :-)
>
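
Added example, not part of the thread and not MySQL's own code: a parser for the server's initial handshake packet (protocol version 10), which shows what lies between the version string and "mysql_native_password" and what a scanner reads before any authentication. The sample packet and all values in it are constructed; the function names are assumptions.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000
# Fixed fields after the version string: connection id, 8 salt bytes, filler,
# capabilities (low), charset, status, capabilities (high), salt length, 10 reserved.
FIXED = struct.Struct("<I8sxHBHHB10x")

def parse_handshake_v10(packet: bytes) -> dict:
    """Parse the first packet a MySQL server sends (4-byte header included)."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(packet) < 5 or length < 2 or len(payload) != length or payload[0] != 10:
        raise ValueError("not a complete protocol-10 handshake")
    end = payload.index(b"\x00", 1)          # version is a NUL-terminated string
    pos = end + 1
    if len(payload) < pos + FIXED.size:
        raise ValueError("truncated handshake")
    conn_id, _salt1, cap_lo, charset, status, cap_hi, salt_len = \
        FIXED.unpack_from(payload, pos)
    pos += FIXED.size
    caps = cap_lo | (cap_hi << 16)
    if caps & CLIENT_SECURE_CONNECTION:
        pos += max(13, salt_len - 8)         # second part of the salt
    plugin = None
    if caps & CLIENT_PLUGIN_AUTH:            # plugin name closes the packet
        plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "server_version": payload[1:end].decode("ascii", "replace"),
        "connection_id": conn_id,
        "charset": charset,
        "status_flags": status,
        "capabilities": caps,
        "auth_plugin": plugin,
        "bytes_between_version_and_plugin": pos - (end + 1),
    }

def sample_packet(version: bytes = b"5.5.0-constructed") -> bytes:
    """Constructed handshake for offline use; not captured from a real server."""
    payload = (b"\x0a" + version + b"\x00" + struct.pack("<I", 42)
               + b"ABCDEFGH\x00" + struct.pack("<HBHH", 0xF7FF, 8, 2, 0x000F)
               + bytes([21]) + bytes(10) + b"IJKLMNOPQRST\x00"
               + b"mysql_native_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    for key, value in parse_handshake_v10(sample_packet()).items():
        print(f"{key}: {value}")
```
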