Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: "Show Source" info shows version number  (Read 4753 times)

0 Members and 1 Guest are viewing this topic.

lookenround

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
"Show Source" info shows version number
« on: November 09, 2004, 12:46:05 am »

I'd like to make a suggestion that by the close body tag, where it references the CPG version number,
that the version number be an option to toggle on or off. Keeping the rest of the CPG credit info of course :)

Why? In the event there is a security patch pending, googling for Coppermine + "1.3.2" won't show potential targets so easily.
Is it a major issue, no, but something worth considering maybe?

Thanks
« Last Edit: November 09, 2004, 02:37:44 am by kegobeer »
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: "Show Source" info shows version number
« Reply #1 on: November 09, 2004, 02:37:45 am »

Well, since there aren't any security risks associated with Coppermine, I don't see the point.  That's a comment tag, and isn't indexed by search engines.  Doing a google search for Coppermine Photo Gallery 1.3.0 on my domain comes up with zero matches.

Sorry, don't think this will be changed.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: "Show Source" info shows version number
« Reply #2 on: November 09, 2004, 08:29:39 am »

It's in there for support purposes: when users post their url on this board, we can easily find out which version they use (and possibly recommend an upgrade), as most users don't care about version numbers, so they only post "the most recent version" when asked what version they use (even if they actually use cpg1.0).
We're going to leave it where it actually is, so it's an "opt-out" option for you - you can remove it if you have security concerns (although kegobeer is absolutely right: this is not a security issue imo, and there has been no security flaw known for standalone coppermine).

Joachim
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.