> > Basically
> > there's no reason random end users should ever know what your code is
> > written in.
>
> It's trivial for a capable attacker to determine OS/http Server/script
> language. The point is not the language, per se, but the abilities of the
> script writer and the server administrator. Using the 'popular Perl
> scripts' (e.g. the old sendmail.pl script that was full of holes) is a
> false friend.
>
> Changing the file suffix may slow down the script kiddies, but the 'pros'
> are pounding memory buffers and TCP stacks.

I don't think anyone is or has suggested that changing or removing file
suffixes will bring an extended level of security, but I really don't see
what the problem in 'slowing down the script kiddies' is. I mean, I know I'd
rather slow them down than not.

Granted, there are dozens of other things to do in order to secure your code
and applications, but I know I'd sleep a little better at night knowing
there's only a relative handful of 'capable attackers' that could decide to
bang at my application as opposed to thousands of script kiddies looking for
language-specific holes.