ezinfo/about and other standard pages

Next topic

Author	Message
Maarten Holland	Thursday 22 July 2004 1:20:32 am Hi all, I've noticed that there is a page ezinfo/about. Am I allowed to disable this page or is this a sort of copyright that must be enabled? I also like to know if there are more of this sort of pages so I'm not publicing information without my knowledge. Thank you, Maarten
Ole Morten Halvorsen	Tuesday 27 July 2004 6:11:22 am Hi Maarten, Yes you are free to disable the ezinfo/about page if you want. If I am not mistaken you can remove this by commenting out PolicyOmitList[]=ezinfo in your site.ini file. Users wanting to view the ezinfo/about will now require permission which they don`t have by default. Look through the kernel/ directory for different modules/views which you might not need and can disable. Ole M. Senior Software Engineer - Vision with Technology http://www.visionwt.com http://www.omh.cc http://www.twitter.com/omh eZ Certified Developer http://ez.no/certification/verify/358441 http://ez.no/certification/verify/272578
Maarten Holland	Tuesday 27 July 2004 7:32:42 am Thank you Ole, It's not that I don't want to give eZ systems the credits you deserve, but this is for a corporate page and my CEO probably doesn't want it :-( I've disabled it using a virtual URL that maps to my root page. I'll go and check the kernel/ directory for other views. Cheers, Maarten
Alexandre Cunha	Sunday 26 September 2004 11:56:40 am well, creating a virtual url to overide ezinfo/<anything> doest work on ezp 3.4.2 PolicyOmitList[]=ezinfo doest work too. Any ideas without the need to dig in the php code ? http://AlexandreCunha.com
Luc Chase	Sunday 17 April 2011 12:17:34 pm Blocking or disabling ezinfo can be done in a couple of ways. On Apache you could add some .htaccess or RewiteRules and/or within eZ you could add some policy omit rules. But why? It's not going to make a site any more secure. Is this a way of ( not ) solving a problem that doesn't exist? What risks does this step resolve? I doubt that not announcing your version number and installed extensions is a way to secure a system. If the site is vulnerable to attack I don't think it would be because the ezinfo/about is working. Security through obscurity is not best practice... it's not even second-best. Your system needs to be made secure; even when everyone knows how it works. One reason why widely used opensource software tends towards being very secure. The Web Application Service Provider
Heath	Sunday 17 April 2011 3:37:12 pm Hello Martin, You can add the following code to your site.ini override (settings/override/site.ini.append.php) This code should disable the module view across all siteaccesses. [SiteAccessRules] Rules[] Rules[]=access;enable Rules[]=moduleall Rules[]=access;disable Rules[]=module;ezinfo/about Rules[]=module;content/tipafriend I hope this helps others. Normally I recommend against disabling this view. Cheers, Heath Brookins Consulting \| http://brookinsconsulting.com/ Certified \| http://auth.ez.no/certification/verify/380350 Solutions \| http://projects.ez.no/users/community/brookins_consulting eZpedia community documentation project \| http://ezpedia.org