[dokuwiki] Re: SPAM: Re: HTML header, generator and keywords

> -----Original Message-----
> From: dokuwiki-bounce@xxxxxxxxxxxxx 
> [mailto:dokuwiki-bounce@xxxxxxxxxxxxx] On Behalf Of Sebastian Pipping
> Sent: Saturday, April 07, 2007 7:11 PM
> To: dokuwiki@xxxxxxxxxxxxx
> Subject: SPAM: [dokuwiki] Re: HTML header, generator and keywords
> 
> Andreas Gohr wrote:
> > He could also simply attack *all* DokuWikis. It wouldn't matter much.
> 
> --------------------------------------------------------
> Matter to whom? It makes a difference to me, I will
> keep cutting the version number out.
> --------------------------------------------------------

The version number reported by DokuWiki is meaningless in an attack
plan. Since all fixes are released as individual patches, it is easy to
backport any or all of them to any version that is in production use.
It is also so simple to write scripts to test for known vulnerabilities
that it is not worth the extra effort to identify the version
beforehand.

But that brings up an alternative question. Is there a list of known
vulnerabilities in DokuWiki that identifies the patches that fixed them?
Something like a critical updates list would work. Making sure that all
of those patches have been applied would be much more effective than
simply erasing the version number.

Bob McConnell
Principal Communications Programmer
The CBORD Group, Inc.
61 Brown Road
Ithaca NY, 14850
Phone 607 257-2410
FAX 607 257-1902
Email rvm@xxxxxxxxx
Web www.cbord.com
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
