docs/77058: Add note to the effect that security by obscurity is not security.
Ceri Davies
ceri at submonkey.net
Thu Feb 3 13:50:29 UTC 2005
The following reply was made to PR docs/77058; it has been noted by GNATS.
From: Ceri Davies <ceri at submonkey.net>
To: Brad Davis <so14k at so14k.com>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security.
Date: Thu, 3 Feb 2005 13:48:39 +0000
On Thu, Feb 03, 2005 at 04:32:16AM -0700, Brad Davis wrote:
> --- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb 3 04:20:21 2005
> +++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb 3 04:28:32 2005
> @@ -4177,9 +4177,16 @@
> <para>Permitting version lookups on the <acronym>DNS</acronym>
> server could be opening the doors for an attacker. A
> malicious user may use this information to hunt up known
> - exploits or bugs to utilize against the host. A false version
> - string can be placed the <literal>options</literal> section of
> - <filename>named.conf</filename>:</para>
> + exploits or bugs to utilize against the host.</para>
> +
> + <warning>
> + <para>This will not protect you from exploits. Only upgrading to a
> + version that is not vunerable will protect your server.</para>
> + </warning>
> +
> + <para>A false version string can be placed the
> + <literal>options</literal> section of
> + <filename>named.conf</filename>:</para>
>
> <programlisting>options {
> directory "/etc/namedb";A
ispell again please; "vunerable" at least is incorrect.
Cheers,
Ceri
More information about the freebsd-doc
mailing list