Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/11/20 17:20:39 UTC

[GitHub] [incubator-superset] mistercrunch commented on issue #8614: SHA display touchups

mistercrunch commented on issue #8614: SHA display touchups
URL: https://github.com/apache/incubator-superset/pull/8614#issuecomment-556129430
 
 
   Is there a security issue here? Assuming we'll have a list of CVEs out, it'd be pretty easy for someone to get a list of active vulnerabilities, not that it'd be much harder to test for all CVEs.
   
   I know for things like Apache (web server) or nginx, best practice is to keep that obscure to make it harder for black hats to scan the web looking for particular vulnerabilities. 
   
   Two ways to potentially mitigate: only allow for admin, or put behind a feature flag.
   
   @craig-rueda what do you think?
