Feature #64429
closed
Remove version number from meta-generator
100%
Description
It should be possible to hide the version number in ...
<meta name="generator" content="TYPO3 6.2 CMS">
... via TS (or in principle), because the visitor does not need to know if the software is f.e. outdated and therefor may have some security issues:
<meta name="generator" content="TYPO3 CMS">
Updated by Mathias Schreiber over 9 years ago
- Tracker changed from Bug to Feature
- Category set to Frontend
- Target version set to 7.2 (Frontend)
Updated by Xavier Perseguers about 9 years ago
We should be aware that hiding the ("major") version of TYPO3 does not enhance security at all. It is straightforward, even without this info to retrieve an relatively exact guess of which version (patch!) the website is running.
So this is more a cosmetic change for clients not aware of this and willing to feel safer without any good reason.
Updated by Benjamin Robinson about 9 years ago
That's true, it would not enhance security, but it would make it less easier to find unsecure sites. The version does not concern the visitor (and search engines) and we don't need to provide it on a silver platter. A bing search for "TYPO3 4.1 CMS" has 13.100 results and most of them are from trustcheck.net and netzcheck.com pointing to outdated installations, due to the meta tag.
Recently an agency contacted one of our clients and pretended his TYPO3 would be outdated – trying to get a job for an update. My client was wondering how they could know the major-version. I told him that anyone – even without any special knowledge or effort – could read it in the html-meta-tags with just two mouseclicks, unfortunately, and i had to explain that 4.5 LTS is still maintained until march and that we had good reasons not to upgrade to early.
Updated by Frank Nägler about 9 years ago
Some years ago I reported the same issue, after many discussions my patch request was rejected.
Before anyone start working on this patch, this feature should be checked and discussed.
Updated by Benjamin Robinson about 9 years ago
Thanks! I found the old feature request with your patch: https://forge.typo3.org/issues/17887
The request has been closed with the argumentation, that it does not enhance security and because of missing feedback. The cause for the obligatory publication of the version number remained unfounded.
Updated by Gerrit Code Review about 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/37945
Updated by Gerrit Code Review about 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/37945
Updated by Gerrit Code Review about 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/37945
Updated by Gerrit Code Review about 9 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/37945
Updated by Gerrit Code Review about 9 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/37945
Updated by Gerrit Code Review almost 9 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/37945
Updated by Gerrit Code Review almost 9 years ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40243
Updated by Wouter Wolters almost 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset d73a05d2bbdf54bc5294b6e41360e21e6d7929c3.
Updated by Riccardo De Contardi over 6 years ago
- Status changed from Resolved to Closed