Date: Thu, 3 Feb 2005 13:50:28 GMT From: Ceri Davies <ceri@submonkey.net> To: freebsd-doc@FreeBSD.org Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security. Message-ID: <200502031350.j13DoSea074307@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/77058; it has been noted by GNATS. From: Ceri Davies <ceri@submonkey.net> To: Brad Davis <so14k@so14k.com> Cc: FreeBSD-gnats-submit@FreeBSD.org Subject: Re: docs/77058: Add note to the effect that security by obscurity is not security. Date: Thu, 3 Feb 2005 13:48:39 +0000 On Thu, Feb 03, 2005 at 04:32:16AM -0700, Brad Davis wrote: > --- doc-ori/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb 3 04:20:21 2005 > +++ doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml Thu Feb 3 04:28:32 2005 > @@ -4177,9 +4177,16 @@ > <para>Permitting version lookups on the <acronym>DNS</acronym> > server could be opening the doors for an attacker. A > malicious user may use this information to hunt up known > - exploits or bugs to utilize against the host. A false version > - string can be placed the <literal>options</literal> section of > - <filename>named.conf</filename>:</para> > + exploits or bugs to utilize against the host.</para> > + > + <warning> > + <para>This will not protect you from exploits. Only upgrading to a > + version that is not vunerable will protect your server.</para> > + </warning> > + > + <para>A false version string can be placed the > + <literal>options</literal> section of > + <filename>named.conf</filename>:</para> > > <programlisting>options { > directory "/etc/namedb";A ispell again please; "vunerable" at least is incorrect. Cheers, Ceri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502031350.j13DoSea074307>