Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Which is why you shouldn't include implementation details in your URL.


Obfuscation isn't security etc etc


I wasn't commenting on the security implications. My point was that bleeding implementation details like .php in your URLs is silly because that URL might end up being served by a Node app one day.

But on the security point, a URL ending in .php does imply a "we just YOLO'd a bunch of bare scripts into the webroot" application architecture, which is not confidence inspiring as a user and sure looks attractive to pentest.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: