ezinfo/about and other standard pages

« 
Previous topic
|
General
|
Next topic
 »
Author Message

Maarten Holland

Thursday 22 July 2004 1:20:32 am

Hi all,

I've noticed that there is a page ezinfo/about. Am I allowed to disable this page or is this a sort of copyright that must be enabled?

I also like to know if there are more of this sort of pages so I'm not publicing information without my knowledge.

Thank you,

Maarten

Ole Morten Halvorsen

Tuesday 27 July 2004 6:11:22 am

Hi Maarten,

Yes you are free to disable the ezinfo/about page if you want.
If I am not mistaken you can remove this by commenting out PolicyOmitList[]=ezinfo in your site.ini file. Users wanting to view the ezinfo/about will now require permission which they don`t have by default.

Look through the kernel/ directory for different modules/views which you might not need and can disable.

Ole M.

Senior Software Engineer - Vision with Technology

http://www.visionwt.com
http://www.omh.cc
http://www.twitter.com/omh

eZ Certified Developer
http://ez.no/certification/verify/358441
http://ez.no/certification/verify/272578

Maarten Holland

Tuesday 27 July 2004 7:32:42 am

Thank you Ole,

It's not that I don't want to give eZ systems the credits you deserve, but this is for a corporate page and my CEO probably doesn't want it :-(

I've disabled it using a virtual URL that maps to my root page. I'll go and check the kernel/ directory for other views.

Cheers,

Maarten

Alexandre Cunha

Sunday 26 September 2004 11:56:40 am

well, creating a virtual url to overide ezinfo/<anything> doest work on ezp 3.4.2
PolicyOmitList[]=ezinfo doest work too.
Any ideas without the need to dig in the php code ?

http://AlexandreCunha.com

Luc Chase

Sunday 17 April 2011 12:17:34 pm

Blocking or disabling ezinfo can be done in a couple of ways. On Apache you could add some .htaccess or RewiteRules and/or within eZ you could add some policy omit rules. But why? It's not going to make a site any more secure.
Is this a way of ( not ) solving a problem that doesn't exist?
What risks does this step resolve? I doubt that not announcing your version number and installed extensions is a way to secure a system. If the site is vulnerable to attack I don't think it would be because the ezinfo/about is working.
Security through obscurity is not best practice... it's not even second-best. Your system needs to be made secure; even when everyone knows how it works. One reason why widely used opensource software tends towards being very secure.

The Web Application Service Provider

Heath

Sunday 17 April 2011 3:37:12 pm

Hello Martin,

You can add the following code to your site.ini override (settings/override/site.ini.append.php)

This code should disable the module view across all siteaccesses.

[SiteAccessRules]
Rules[]
Rules[]=access;enable
Rules[]=moduleall
Rules[]=access;disable
Rules[]=module;ezinfo/about
Rules[]=module;content/tipafriend
I hope this helps others. Normally I recommend against disabling this view.
Cheers,
Heath
                        


                                                    
Brookins Consulting | http://brookinsconsulting.com/

Certified | http://auth.ez.no/certification/verify/380350

Solutions | http://projects.ez.no/users/community/brookins_consulting

eZpedia community documentation project | http://ezpedia.org

                                                                		
                

                                        



 

 
    













Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.



eZ debug
Timing: 
                                    Jan 29 2025 23:50:22

                                    
Script start
Timing: 
                                    Jan 29 2025 23:50:22

                                    
Module start 'layout'
Timing: 
                                    Jan 29 2025 23:50:22

                                    
Module start 'content'
Timing: 
                                    Jan 29 2025 23:50:22

                                    
Module end 'content'
Timing: 
                                    Jan 29 2025 23:50:22

                                    
Script end
Main resources:
Total runtime0.0134 sec
Peak memory usage2,048.0000 KB
Database Queries3
Timing points:
CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start
                          0.00000.0048
                          588.1484151.2109
Module start 'layout'
                          0.00480.0023
                          739.359436.6484
Module start 'content'
                          0.00710.0049
                          776.007894.2500
Module end 'content'
                          0.01190.0014
                          870.257837.9922
Script end
                          0.0133 
                          908.2500 
Time accumulators:
 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.002317.2232140.0002
Check MTime0.00118.4993140.0001
Mysql Total
Database connection0.00064.733710.0006
Mysqli_queries0.002418.014930.0008
Looping result0.00000.082010.0000
Template Total0.00117.910.0011
Template load0.00086.101210.0008
Template processing0.00021.720510.0002
Override
Cache load0.00064.373610.0006
General
dbfile0.00107.527680.0001
String conversion0.00000.041040.0000
Note: percentages do not add up to 100% because some accumulators overlap
Templates used to render the page:
UsageRequested templateTemplateTemplate loadedEditOverride
1print_pagelayout.tpl<No override>extension/community/design/community/templates/print_pagelayout.tplEdit templateOverride template
 Number of times templates used: 1
 Number of unique templates used: 1
Time used to render debug report: 0.0001 secs