Guest Denver Dave Posted December 6, 2005 Share Posted December 6, 2005 I know this has been discussed before, but think it is worth bringing up again. It is a bad security risk to identify the minor version number levels for Cubecart. Just noticed in our website statistics that we had a search for "powered by cubecart 3.0.3". The only reason that I can think of that someone would do this is to exploit the 3.0.3 vulnerability. We have now upgraded to 3.0.6 or at least testing. Would be much better to just identify Cubecart 3, but not the version. phpBB adopted this scheme. Quote Link to comment Share on other sites More sharing options...
Guest hennaboy Posted December 6, 2005 Share Posted December 6, 2005 It is always going to be a problem showing any versions of anything. PHP, MYSQL, APACHE and so on all show version numbers that are all then subject to attack when a security exploit is revealed. I agree that perhaps we should have the option to show the version number and only display powered by cubecart. Or purchase cc and dont display anything at all ;) Quote Link to comment Share on other sites More sharing options...
Guest estelle Posted December 6, 2005 Share Posted December 6, 2005 Or purchase cc and dont display anything at all Yep thats a quick & easy solution ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.