Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Joomla! CMS Development
Home
About this group
Apply for group membership
Joomla Version Number and Google Webmaster Tools
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   Messages 1 - 25 of 48 - Collapse all  -  Translate all to Translated (View all originals)   Newer >
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Mark Dexter  
View profile  
 More options Feb 9 2012, 11:28 am
From: Mark Dexter <dextercow...@gmail.com>
Date: Thu, 9 Feb 2012 08:28:24 -0800
Local: Thurs, Feb 9 2012 11:28 am
Subject: Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

Hi everyone. The folks at Google who are responsible for the Google
Webmaster Tools (http://support.google.com/webmasters/?hl=en) have asked us
if we want to enable an update notification process for our mutual users.
They have been doing this for a few years with WordPress. Here is a link
with some background information:
http://googlewebmastercentral.blogspot.com/2009/11/new-software-versi...
.

Here's how it works.

1. WordPress by default puts the full version number in the metadata,
similar to what we do (
<meta name="generator" content="Joomla! 1.5 - Open Source Content
Management" />) except with the full version (for example 1.5.23).
2. WordPress notifies Google when a new version is released or when an old
version reaches end of life.
3. When the Google crawler finds a site that should be updated and is
registered in Webmaster Tools, Google sends a message via Webmaster Tools
to the site admin notifying them that the site should be updated. (If the
site is not registered with Webmaster Tools, nothing happens.)

One important advantage of this approach is that site admins can have their
Webmaster Tools messages forwarded to them via email. So they can be
notified about updates without having to visit or log in to the sites.

The only change we would need to do to enable this would be to put the full
version in a meta element. Some people have expressed concern that this is
a security risk. Google and WordPress (and most security people I've talked
to) think the benefits of update notification are far greater than any
risk. (Evidently most hackers just try to run an exploit and don't bother
checking for software versions. Also the full version number is already
exposed in the administrator/manifests/files/joomla.xml file.)

The PLT thinks it would be a good thing to do. If enough people are
concerned about it, we could add a global configuration parameter that
would allow people to not expose the version. Even without a parameter,
anyone could write a simple plugin to alter or remove the metadata.

My first choice would be to simply add the version number in the metadata
without another parameter. My second choice would be to add it in with a
parameter (with a default value of showing the version number).

What do other people think about this? Thanks.

Mark Dexter


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Nils Rückmann  
View profile  
 More options Feb 9 2012, 12:24 pm
From: Nils Rückmann <i...@nils-rueckmann.de>
Date: Thu, 9 Feb 2012 09:24:54 -0800 (PST)
Local: Thurs, Feb 9 2012 12:24 pm
Subject: Re: Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

+1


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Niels Braczek  
View profile   Translate to Translated (View Original)
 More options Feb 9 2012, 1:36 pm
From: Niels Braczek <nbrac...@bsds.de>
Date: Thu, 09 Feb 2012 19:36:53 +0100
Local: Thurs, Feb 9 2012 1:36 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
+1

Regards,
Niels

--
| http://barcamp-wk.de  ·  1. Barcamp Westküste  30./31. März 2012 |
| http://www.bsds.de   ·   BSDS Braczek Software- und DatenSysteme |
| Webdesign · Webhosting · e-Commerce · Joomla! Content Management |
 ------------------------------------------------------------------


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Hannes Papenberg  
View profile  
 More options Feb 9 2012, 1:55 pm
From: Hannes Papenberg <hackwa...@googlemail.com>
Date: Thu, 09 Feb 2012 19:55:38 +0100
Local: Thurs, Feb 9 2012 1:55 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
Like it. Maybe the best way would be to add a global parameter that
adds/removes the whole generator tag. Or go a step further and make it a
super simply plugin that you can enable/disable. Enabled by default.

Hannes

Am 09.02.2012 17:28, schrieb Mark Dexter:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Matt Thomas  
View profile  
 More options Feb 9 2012, 2:02 pm
From: Matt Thomas <m...@betweenbrain.com>
Date: Thu, 9 Feb 2012 14:02:09 -0500
Local: Thurs, Feb 9 2012 2:02 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

The plugin idea is great way to implement this. +1

Best,

Matt Thomas
Founder betweenbrain <http://betweenbrain.com/>™
Lead Developer Construct Template Development
Framework<http://construct-framework.com/>
Phone: 203.632.9322
Twitter: @betweenbrain
Github: https://github.com/betweenbrain

On Thu, Feb 9, 2012 at 1:55 PM, Hannes Papenberg
<hackwa...@googlemail.com>wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Rouven Weßling  
View profile  
 More options Feb 9 2012, 2:04 pm
From: Rouven Weßling <m...@rouvenwessling.de>
Date: Thu, 9 Feb 2012 20:04:35 +0100
Local: Thurs, Feb 9 2012 2:04 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
I'm also in favor.

I do find it amusing that we just went trough quite a bit of trouble with 2.5.0 and 2.5.1 to hide the version number for unauthorised vistors.

On 09.02.2012, at 19:55, Hannes Papenberg wrote:

> Like it. Maybe the best way would be to add a global parameter that
> adds/removes the whole generator tag. Or go a step further and make it a
> super simply plugin that you can enable/disable. Enabled by default.

There are already extensions out there that allow you to hide the generator tag, I don't see why we have to suck it into the core.

Rouven


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Carson  
View profile  
 More options Feb 9 2012, 2:08 pm
From: Mike Carson <m...@itdwebdesign.com>
Date: Thu, 9 Feb 2012 13:08:08 -0600
Local: Thurs, Feb 9 2012 2:08 pm
Subject: RE: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
How would this affect security for sites that are not regularly updated by
their owners? Would this be a potential risk for making the sites an
easier target for those exploiting vulnerabilities?

Regards,
Mike Carson


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Carson  
View profile  
 More options Feb 9 2012, 2:13 pm
From: Mike Carson <m...@itdwebdesign.com>
Date: Thu, 9 Feb 2012 13:13:58 -0600
Local: Thurs, Feb 9 2012 2:13 pm
Subject: RE: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
The more I think about this, I feel there are better ways of achieving the
exact same thing internally on the site itself.
I'm going to use Akeeba Backup as an example. It has a built in update
email notification. So when there is a new version of Akeeba Backup then
the site sends an email to the site administrator notifying then that a
new update is available. This is a very nice feature. Why couldn't the CMS
have an update notification plugin that works in a cronless manner and is
just triggered when the site gets a visit and then sends out the email
notifications that there is an update available.

Regards,
Mike Carson


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Matt Thomas  
View profile  
 More options Feb 9 2012, 2:15 pm
From: Matt Thomas <m...@betweenbrain.com>
Date: Thu, 9 Feb 2012 14:15:52 -0500
Local: Thurs, Feb 9 2012 2:15 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

Maybe it would be better to implement this as disabled by default and users
could opt-in to use it.

Best,

Matt Thomas
Founder betweenbrain <http://betweenbrain.com/>™
Lead Developer Construct Template Development
Framework<http://construct-framework.com/>
Phone: 203.632.9322
Twitter: @betweenbrain
Github: https://github.com/betweenbrain


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Ken Ballou  
View profile  
 More options Feb 9 2012, 2:15 pm
From: Ken Ballou <bal...@crab.mv.com>
Date: Thu, 09 Feb 2012 14:15:48 -0500
Local: Thurs, Feb 9 2012 2:15 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

Wouldn't a busy site hammer the update server hard with requests to
check for an updated version?

On 2/9/2012 2:13 PM, Mike Carson wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Andrea Tarr at Tarr Consulting  
View profile  
 More options Feb 9 2012, 2:20 pm
From: Andrea Tarr at Tarr Consulting <at...@tarrconsulting.com>
Date: Thu, 9 Feb 2012 14:20:05 -0500
Local: Thurs, Feb 9 2012 2:20 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

One of the good points of the webmaster tools is that the webmaster doesn't need to visit the site to get the message. There are webmasters out there maintaining numerous sites where they don't normally need to visit the backend.

In answer to your first question Mark wrote in his original message:

"Some people have expressed concern that this is a security risk. Google and WordPress (and most security people I've talked to) think the benefits of update notification are far greater than any risk. (Evidently most hackers just try to run an exploit and don't bother checking for software versions. Also the full version number is already exposed in the administrator/manifests/files/joomla.xml file.)"

Thanks,
Andy

Andrea Tarr

Tarr Consulting
www.tarrconsulting.com

On Feb 9, 2012, at 2:13 PM, Mike Carson wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Carson  
View profile  
 More options Feb 9 2012, 2:22 pm
From: Mike Carson <m...@itdwebdesign.com>
Date: Thu, 9 Feb 2012 13:22:03 -0600
Local: Thurs, Feb 9 2012 2:22 pm
Subject: RE: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

I’m sure there are pros and cons about how you do this in any manner.

The site has to do a call home to somewhere to check version numbers no
matter what way you implement it.

I think it’s worth discussing though. And personally I think that we need
to keep security as a number one concern with making it easy to find out
the version number of any given site.

Regards,
Mike Carson

*From:* joomla-dev-cms@googlegroups.com [mailto:
joomla-dev-cms@googlegroups.com] *On Behalf Of *Ken Ballou
*Sent:* Thursday, February 09, 2012 1:16 PM
*To:* joomla-dev-cms@googlegroups.com
*Subject:* Re: [jcms] Joomla Version Number and Google Webmaster Tools

Wouldn't a busy site hammer the update server hard with requests to check
for an updated version?

On 2/9/2012 2:13 PM, Mike Carson wrote:

The more I think about this, I feel there are better ways of achieving the

exact same thing internally on the site itself.

I'm going to use Akeeba Backup as an example. It has a built in update

email notification. So when there is a new version of Akeeba Backup then

the site sends an email to the site administrator notifying then that a

new update is available. This is a very nice feature. Why couldn't the CMS

have an update notification plugin that works in a cronless manner and is

just triggered when the site gets a visit and then sends out the email

notifications that there is an update available.

Regards,

Mike Carson


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mark Dexter  
View profile  
 More options Feb 9 2012, 2:24 pm
From: Mark Dexter <dextercow...@gmail.com>
Date: Thu, 9 Feb 2012 11:24:09 -0800
Local: Thurs, Feb 9 2012 2:24 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

@Mike: I agree that email notification would be a good feature to look at
for core. I think it could be done with a CLI application running from a
cron job. However, I don't think that would be a reason not to implement
the proposed Google method as well. The more ways we have to let people
know about updates, the better in my opinion.

@Ken: With the present update check, we only check the site once per day.

As far as doing this with a plugin, we could certainly do that but it seems
like a lot of code and fuss for such a small thing.

Mark


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Hannes Papenberg  
View profile  
 More options Feb 9 2012, 2:27 pm
From: Hannes Papenberg <hackwa...@googlemail.com>
Date: Thu, 9 Feb 2012 20:27:01 +0100
Local: Thurs, Feb 9 2012 2:27 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

I'm not talking about a plugin to hide it, but to remove that completely
from the core (I think its in JDocumentHTML) and instead add the tag with
that plugin. So if you want to hide the generator tag, you simply disable
that plugin, instead of adding a new plugin. The version number would just
be a fixed part of that tag.
Am 09.02.2012 20:04 schrieb "Rouven Weßling" <m...@rouvenwessling.de>:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Hannes Papenberg  
View profile  
 More options Feb 9 2012, 2:31 pm
From: Hannes Papenberg <hackwa...@googlemail.com>
Date: Thu, 9 Feb 2012 20:31:21 +0100
Local: Thurs, Feb 9 2012 2:31 pm
Subject: RE: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

If Google crawls your site, sees the version and sends you a reminder, no
one has to do any more work than currently is done. Neither your site would
"phone home" nor would you query Joomla.org.
Am 09.02.2012 20:22 schrieb "Mike Carson" <m...@itdwebdesign.com>:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Niels Braczek  
View profile  
 More options Feb 9 2012, 2:32 pm
From: Niels Braczek <nbrac...@bsds.de>
Date: Thu, 09 Feb 2012 20:32:48 +0100
Local: Thurs, Feb 9 2012 2:32 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
Am 09.02.2012 20:08, schrieb Mike Carson:

> How would this affect security for sites that are not regularly updated by
> their owners? Would this be a potential risk for making the sites an
> easier target for those exploiting vulnerabilities?

On these sites, the plugin can be disabled. The benefit of these alerts
are greater than the risk.

Regards,
Niels

--
| http://barcamp-wk.de  ·  1. Barcamp Westküste  30./31. März 2012 |
| http://www.bsds.de   ·   BSDS Braczek Software- und DatenSysteme |
| Webdesign · Webhosting · e-Commerce · Joomla! Content Management |
 ------------------------------------------------------------------


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Ken Ballou  
View profile  
 More options Feb 9 2012, 2:35 pm
From: Ken Ballou <bal...@crab.mv.com>
Date: Thu, 09 Feb 2012 14:35:54 -0500
Local: Thurs, Feb 9 2012 2:35 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

On 2/9/2012 2:24 PM, Mark Dexter wrote:

> @Mike: I agree that email notification would be a good feature to look
> at for core. I think it could be done with a CLI application running
> from a cron job. However, I don't think that would be a reason not to
> implement the proposed Google method as well. The more ways we have to
> let people know about updates, the better in my opinion.

> @Ken: With the present update check, we only check the site once per day.

This is true, but I thought the proposal was to check for an update
*every time the site gets a visitor.*  Perhaps I misunderstood?

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mike Carson  
View profile  
 More options Feb 9 2012, 2:37 pm
From: Mike Carson <m...@itdwebdesign.com>
Date: Thu, 9 Feb 2012 13:37:09 -0600
Local: Thurs, Feb 9 2012 2:37 pm
Subject: RE: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

OK I do agree with you that the more way of notifying people, the better.
But let’s be realistic here, people are LAZY! If they are too lazy to sign
up for the security mailing list on the download page of Joomla.org where
notifications get sent out, then the chances are also extremely high that
they are also going to be too lazy to sign up for the Google notifications
as well. I think that if we lived in a euphoric world where everyone took
advantage of all the notification efforts that have been put in place then
we wouldn’t have to worry about it. But reality is that some people need to
be hit upside the head with a 2x4 board before you can get their attention.
This is why I think it would be better if the emails come from the site
itself. If people got notifications about updates from the site itself they
would feel much more of an urgency to update the site because it is more of
a personal tie to the site. And for those who build and maintain a lot of
sites like we do, I would want to have to try to remember to go log the URL
in Google every time for the updates notifications.

Also another PRO to this is that if the site itself notified ALL super
users that an update is available, then you would have a much larger chance
of the site getting updated when multiple persons are notified.

Just my thoughts to ponder.

Regards,
Mike Carson
Integrated Technology & Design Inc.
Your Web Solutions Partner
http://itdwebdesign.com
1-888-760-0878

The information contained in this e-mail message, and any attachment, is
confidential and may not be disclosed without our express permission. If
you are not the intended recipient or agent responsible for delivering this
message to the intended recipient, you are hereby notified that you have
received this message in error and that any review, dissemination,
distribution, forwarding or copying of this message, and any attachment, in
whole or in part, is strictly prohibited. If you have received this message
in error, please immediately notify us by telephone, fax or e-mail and
delete the message and all of its attachments. Thank you.

*From:* joomla-dev-cms@googlegroups.com [mailto:
joomla-dev-cms@googlegroups.com] *On Behalf Of *Mark Dexter
*Sent:* Thursday, February 09, 2012 1:24 PM
*To:* joomla-dev-cms@googlegroups.com
*Subject:* Re: [jcms] Joomla Version Number and Google Webmaster Tools

@Mike: I agree that email notification would be a good feature to look at
for core. I think it could be done with a CLI application running from a
cron job. However, I don't think that would be a reason not to implement
the proposed Google method as well. The more ways we have to let people
know about updates, the better in my opinion.

@Ken: With the present update check, we only check the site once per day.

As far as doing this with a plugin, we could certainly do that but it seems
like a lot of code and fuss for such a small thing.

Mark

On Thu, Feb 9, 2012 at 11:22 AM, Mike Carson <m...@itdwebdesign.com> wrote:

I’m sure there are pros and cons about how you do this in any manner.

The site has to do a call home to somewhere to check version numbers no
matter what way you implement it.

I think it’s worth discussing though. And personally I think that we need
to keep security as a number one concern with making it easy to find out
the version number of any given site.

Regards,
Mike Carson

*From:* joomla-dev-cms@googlegroups.com [mailto:
joomla-dev-cms@googlegroups.com] *On Behalf Of *Ken Ballou
*Sent:* Thursday, February 09, 2012 1:16 PM

*To:* joomla-dev-cms@googlegroups.com
*Subject:* Re: [jcms] Joomla Version Number and Google Webmaster Tools

Wouldn't a busy site hammer the update server hard with requests to check
for an updated version?

On 2/9/2012 2:13 PM, Mike Carson wrote:

The more I think about this, I feel there are better ways of achieving the

exact same thing internally on the site itself.

I'm going to use Akeeba Backup as an example. It has a built in update

email notification. So when there is a new version of Akeeba Backup then

the site sends an email to the site administrator notifying then that a

new update is available. This is a very nice feature. Why couldn't the CMS

have an update notification plugin that works in a cronless manner and is

just triggered when the site gets a visit and then sends out the email

notifications that there is an update available.

Regards,

Mike Carson


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Webdongle  
View profile  
 More options Feb 9 2012, 7:11 pm
From: Webdongle <i...@weblinksonline.co.uk>
Date: Thu, 9 Feb 2012 16:11:27 -0800 (PST)
Local: Thurs, Feb 9 2012 7:11 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

A plugin disabled by default sounds good.  One question that comes to mind
.... If it is agreed to then would that add weight to Joomla sites in
searches because Google favours software that acknowledges them ?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mark Dexter  
View profile  
 More options Feb 9 2012, 7:48 pm
From: Mark Dexter <dextercow...@gmail.com>
Date: Thu, 9 Feb 2012 16:48:57 -0800
Local: Thurs, Feb 9 2012 7:48 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

I very much doubt that. I don't think this has anything to do with page
rank (other than indirectly that Webmaster Tools gives you tips for
improving your site). Mark


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Brad Gies  
View profile  
 More options Feb 9 2012, 8:39 pm
From: Brad Gies <rbg...@gmail.com>
Date: Thu, 09 Feb 2012 17:39:42 -0800
Local: Thurs, Feb 9 2012 8:39 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

+1

I really like the idea, but only if there IS A PARAMETER for at least
the first version. I don't mind if the default is on or off, but if some
security hole is discovered, you really want site admins to be able to
turn it off, although I agree that the benefits far outweigh the risks.

Brad.

On 09/02/2012 8:28 AM, Mark Dexter wrote:

--
Sincerely,

Brad Gies
----------------------------------------------
bgies.com              maxhomevalue.com
idailythought.com      greenfarminvest.com
----------------------------------------------


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Sam Moffatt  
View profile  
 More options Feb 9 2012, 11:36 pm
From: Sam Moffatt <pasa...@gmail.com>
Date: Thu, 9 Feb 2012 20:36:16 -0800
Local: Thurs, Feb 9 2012 11:36 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
To be honest sniffing for the version is one of those nice to haves
but if someone is really after your site they'll just open up with a
broad base of attacks that might stick to see what is vulnerable and
work from there. In a sense publicly disclosing the version number is
an issue but in a much more real sense hiding it isn't going to stop
someone just probing the site and hitting exploit points anyway.

If anything all they really care about is if it is Joomla! or not so
they can pick their attack toolkit. From there running through every
vuln from 1.0 to now really isn't a problem for your average script
kiddie, just a matter of time.

Cheers,

Sam Moffatt
http://pasamio.id.au


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Alex Andreae  
View profile  
 More options Feb 9 2012, 11:49 pm
From: Alex Andreae <alzan...@gmail.com>
Date: Thu, 9 Feb 2012 20:49:01 -0800 (PST)
Local: Thurs, Feb 9 2012 11:49 pm
Subject: Re: Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
I like the idea and think it would be very useful to a ton of users,
and more notification is better.

My only feedback is that I think a parameter is the best idea. Adding
it as a plugin doesn't really have any benefit and moving everything
to system plugins is slowly becoming overwhelming. This would be
implemented with a simple/fast "if ($config->get('show;)) $doc-

>addCustomTag('blah');". With a system plugin, with every page load,

you're adding extra CPU time and memory overhead for construction,
adding to the array of plugins, the execution for this plugin for each
onAfter event, etc.

Eventually, all the system plugins do add up, and it's also getting
hard to manage all the disparate System plugins which do different
things. Since there's no grouping, this will get lost and frankly be
harder to find than necessary.

In short, this seems like a perfect setting for the "Site" global
config area and not as a plugin :)

Alex


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Andrew Eddie  
View profile  
 More options Feb 9 2012, 11:55 pm
From: Andrew Eddie <mambob...@gmail.com>
Date: Thu, 9 Feb 2012 20:55:50 -0800 (PST)
Local: Thurs, Feb 9 2012 11:55 pm
Subject: Re: [jcms] Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author

Given that it's really simple to infer the version anyway, I'd opt for a
really simple solution.  Change the default generator to include the
version and add a parameter to the core templates to change it or turn it
off (which would save people asking how to do it), and template designers
can follow suit (if they don't already).

Regards,
Andrew Eddie


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Mark Dexter  
View profile  
 More options Feb 10 2012, 7:16 pm
From: Mark Dexter <dextercow...@gmail.com>
Date: Fri, 10 Feb 2012 16:16:55 -0800 (PST)
Local: Fri, Feb 10 2012 7:16 pm
Subject: Re: Joomla Version Number and Google Webmaster Tools
Print | Individual message | Show original | Report this message | Find messages by this author
I've created a Feature Tracker issue and patch here:
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEd....
Please test and comment. Thanks. Mark

On Feb 9, 8:55 pm, Andrew  Eddie <mambob...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Messages 1 - 25 of 48   Newer >
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google