[WEB SECURITY] Securing apache installation with PHP

Peter Motykowski pmotykowski at suncorp.coop
Mon May 23 10:24:31 EDT 2005

> -----Original Message-----
> From: Bernhard Nießl [mailto:bernhard.niessl at gmx.net]
> Sent: Monday, May 23, 2005 7:23 AM
> To: websecurity at webappsec.org
> Subject: RE: [WEB SECURITY] Securing apache installation with PHP
> On 19 May 2005 at 8:34, Peter Motykowski wrote:
> > No need to hand out more info than needed!
> Security by obscurity does not work. PERIOD.

I don't think I've ever heard anyone argue the point of security through obscurity as their only line of defense.  And yes, I would agree someone who chooses to rely solely on this method is foolish.  However, many experienced IT professionals have come to agree that layers of security are a best practice and obscuring your server platform as a layer is a sound approach.  Only after patching and hardening a server platform should you be concerned with obfuscating the output from various daemons. Think of it as icing on the cake...


The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list