[WEB SECURITY] Securing apache installation with PHP
Peter Motykowski
pmotykowski at suncorp.coop
Mon May 23 10:24:31 EDT 2005
> -----Original Message-----
> From: Bernhard Nießl [mailto:bernhard.niessl at gmx.net]
> Sent: Monday, May 23, 2005 7:23 AM
> To: websecurity at webappsec.org
> Subject: RE: [WEB SECURITY] Securing apache installation with PHP
>
> On 19 May 2005 at 8:34, Peter Motykowski wrote:
>
> > No need to hand out more info than needed!
>
> Security by obscurity does not work. PERIOD.
>
I don't think I've ever heard anyone argue the point of security through obscurity as their only line of defense. And yes, I would agree someone who chooses to rely solely on this method is foolish. However, many experienced IT professionals have come to agree that layers of security are a best practice and obscuring your server platform as a layer is a sound approach. Only after patching and hardening a server platform should you be concerned with obfuscating the output from various daemons. Think of it as icing on the cake...
Peter
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
More information about the websecurity
mailing list