ezinfo/about and other standard pages

Thursday 22 July 2004 1:20:32 am

Hi all,

I've noticed that there is a page ezinfo/about. Am I allowed to disable this page or is this a sort of copyright that must be enabled?

I also like to know if there are more of this sort of pages so I'm not publicing information without my knowledge.

Thank you,

Maarten

Tuesday 27 July 2004 7:32:42 am

Thank you Ole,

It's not that I don't want to give eZ systems the credits you deserve, but this is for a corporate page and my CEO probably doesn't want it :-(

I've disabled it using a virtual URL that maps to my root page. I'll go and check the kernel/ directory for other views.

Cheers,

Maarten

Sunday 17 April 2011 12:17:34 pm

Blocking or disabling ezinfo can be done in a couple of ways. On Apache you could add some .htaccess or RewiteRules and/or within eZ you could add some policy omit rules. But why? It's not going to make a site any more secure.
Is this a way of ( not ) solving a problem that doesn't exist?
What risks does this step resolve? I doubt that not announcing your version number and installed extensions is a way to secure a system. If the site is vulnerable to attack I don't think it would be because the ezinfo/about is working.
Security through obscurity is not best practice... it's not even second-best. Your system needs to be made secure; even when everyone knows how it works. One reason why widely used opensource software tends towards being very secure.

The Web Application Service Provider