
Displaying version of underlying software in footer of web app? [closed]

I am thinking about providing a version of, say, the database schema and the DLLs for business logic in the footer of my web application.

Is this advised?

Are there any pitfalls, or pointers on how to do this best?

Usability concerns?

I already have a version scheme, for both schema and dlls, used in my CI solution.

DevelopingChris asked Aug 24 '08 00:08



3 Answers

Don't do this. It gives away free information to a potential attacker and makes their job easier. If there are exploits known for your given version of the software, there's no need to tell them that. There are actually search engines built on top of Google that use this information incontinence to power massive exploits (e.g. cDc's Goolag scanner).

Although this may sound like security by obscurity (because it is) it is still advisable to make an attacker's job as hard as possible. Not divulging implementation details is an important step. Of course, this can only ever be part of the effort to make a website securer.

Konrad Rudolph answered Sep 28 '22 19:09


I quite like what is done e.g. here. If you look towards the bottom of the page, there's a piece of text "powered by eve community". If you click that text you get a small chunk of technical information.

To me, this is a nice tradeoff between having the (useful) information readily available (for bug reports, etc.) and having to have (unpleasant) technical jargon visible to users of the site.

DrPizza answered Sep 28 '22 18:09


IMO, the only reasons to show version numbers are:

  • To show progress is being made
  • To help bug reports be localized to the version they were discovered in

So if these things are important for your bug reports, then expose them. If not, then don't.

Brad Wilson answered Sep 28 '22 18:09
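
One way to reconcile the answers above, as an added example that is not from any of the answers: the footer shows an opaque build reference derived with a keyed hash, so a bug report can still be tied to an exact release without printing the schema or DLL versions. The key, the version strings and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values. A real deployment would load the key from a
# secret store and the version pairs from the CI build metadata.
SECRET_KEY = b"constructed-demo-key-not-for-production"
RELEASES = [
    {"schema": "4.2.0", "dlls": "1.8.3.512"},
    {"schema": "4.2.1", "dlls": "1.8.4.530"},
]


def build_ref(release, key=SECRET_KEY):
    """Return a short opaque reference for one schema/DLL version pair.

    HMAC is used instead of a plain hash so that an outsider cannot
    recover the versions by hashing guessed version strings.
    """
    msg = "schema={schema};dlls={dlls}".format(**release).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]


def footer_html(release, is_staff=False):
    """Render the footer: opaque reference for everyone, versions for staff."""
    ref = build_ref(release)
    if is_staff:
        return "<footer>Build {} (schema {schema}, dlls {dlls})</footer>".format(
            ref, **release
        )
    return "<footer>Build {}</footer>".format(ref)


def resolve_ref(ref, releases=RELEASES):
    """Map a reference quoted in a bug report back to the release it names."""
    wanted = ref.strip().lower()
    for release in releases:
        if build_ref(release) == wanted:
            return release
    return None  # unknown or mistyped reference


if __name__ == "__main__":
    print(footer_html(RELEASES[1]))
    print(footer_html(RELEASES[1], is_staff=True))
    print(resolve_ref(build_ref(RELEASES[1])))
```
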