
Re: Hiding Subversion version number

From: Eric Johnson <eric_at_tibco.com>
Date: Sat, 16 Dec 2017 07:05:52 -0800

Hiding the version information is but a piece of the puzzle. It won’t save
a server from a persistent attacker. However, hiding the server software,
and the software version, makes it harder for “drive-by” attackers to
discover that your server is vulnerable. They don’t generally want to spend
the time to test the universe of known compromises to server software, but
if they know they only need to test for vulnerabilities to Subversion
1.7.X, then you’ve got their attention.

Hiding that information slows the drive-by attackers down, much like having
a safe will do the same. In some cases the extra time nudges attackers
towards looking for easier targets.

Eric

On Dec 16, 2017, at 3:35 AM, Branko Čibej <brane_at_apache.org> wrote:

On 15.12.2017 20:10, Matt Simmons wrote:

Many documents relating to information security compliance require
blocking visible software version information.

Interesting documents. I'd have expected them to require all software to
be patched to fix all known security bugs. I thought the "security by
obscurity" mantra had been debunked, but apparently not ...

-- Brane

On Fri, Dec 15, 2017 at 10:46 AM Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:

   Why would you want to hide this?

   On Fri, Dec 15, 2017 at 10:54 AM, Dave Huang <khym_at_azeotrope.org> wrote:

On Dec 15, 2017, at 9:15, Dhanushka Parakrama <parakrama1282_at_gmail.com> wrote:

Hi All

Is there any configuration where I can hide the Subversion version details. Please see copied image <image.png>

-- 
"Today, vegetables... Tomorrow, the world!"
Received on 2017-12-16 16:06:06 CET

This is an archived mail posted to the Subversion Users mailing list.