[WEB SECURITY] Securing apache installation with PHP

Peter Motykowski pmotykowski at suncorp.coop
Mon May 23 10:24:31 EDT 2005


> -----Original Message-----
> From: Bernhard Nießl [mailto:bernhard.niessl at gmx.net]
> Sent: Monday, May 23, 2005 7:23 AM
> To: websecurity at webappsec.org
> Subject: RE: [WEB SECURITY] Securing apache installation with PHP
> 
> On 19 May 2005 at 8:34, Peter Motykowski wrote:
> 
> > No need to hand out more info than needed!
>  
> Security by obscurity does not work. PERIOD.
> 

I don't think I've ever heard anyone argue the point of security through obscurity as their only line of defense.  And yes, I would agree someone who chooses to rely solely on this method is foolish.  However, many experienced IT professionals have come to agree that layers of security are a best practice and obscuring your server platform as a layer is a sound approach.  Only after patching and hardening a server platform should you be concerned with obfuscating the output from various daemons. Think of it as icing on the cake...

Peter

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list