Project

General

Profile

Feature #2586

General: Generator meta and X-Powered-By header

Added by Stefaan Vanbillemont about 9 years ago. Updated almost 9 years ago.

Status:
Bug resolved
Priority:
Normal
Target version:
Start date:
21/01/2011
Due date:
% Done:

100%

Estimated time:
Complexity:
Normal

Description

Hi all,

To give a little follow-up on this, you can now go to
http://campus.chamilo.org and, if you have the Firefox extension
"Wappalyzer" installed, it will tell you the site is using Chamilo. See
screenshot attached.

The reaction of Wappalyzer team has been really fast.
http://wappalyzer.com/stats/cat/LMS
http://wappalyzer.com/stats/app/Chamilo

This will only be really available from version 1.8.8 (and it just
requires the patch mentioned below for 2.0)

Yannick

El sáb, 08-01-2011 a las 21:38 -0500, Yannick Warnier escribió:

Hi all,

Following a little mail to the guys at Wappalyzer
(http://wappalyzer.com/), a Firefox extension that lets you check which
CMS or web app is running a certain website, I've decided to add the
"Generator" HTML header meta tag and the "X-Powered-By" HTTP header
inside Chamilo 1.

This is done (in Chamilo 1) this way in the header.inc.php (first part
to be sent before any output of course):
//show the X-Powered-By header so that parsers can find it
global $_configuration;
header('X-Powered-By: '.$_configuration['software_name'].'
'.substr($_configuration['system_version'],0,1));

and in the <head> tag:

<meta name="Generator" content="$_configuration['software_name'].'
'.substr($_configuration['system_version'],0,1);?>">

This will allow Wappalyzer to detect when a site uses Chamilo, but will
also allow us (later on) to find more easily Chamilo sites around the
world (and do better tracking).

As you might have understood from the code, I'm only providing the major
release number of Chamilo ("1" and not "1.8.7.1"). This is to avoid
major security problems whereby a hacker could quickly detect a specific
outdated version of Chamilo (with a known security issue) and use that
issue against the website owner.

Of course, it would be better to provide no information at all, but this
would be giving hackers little credit about how they can recognize a
specific application by themselves, so I've chosen something in between.

Given there's more in several heads than in one, I thought I'd mention
it here in case there is a major opposition to that.

In any case, I think it's good to be able to "count" the Chamilo portals
around the world (and knowing their respective distribution between 1
and 2) and this header should allow us to do so in the long run.

Best regards,

Yannick

_______________________________________
Dev mailing list

http://lists.chamilo.org/listinfo/dev

History

#1

Updated by Sven Vanpoucke about 9 years ago

  • Status changed from New to Needs testing
  • Assignee set to Sven Vanpoucke
  • Target version set to 21
  • % Done changed from 0 to 100
#2

Updated by Ludwig Theunis about 9 years ago

  • Status changed from Needs testing to Bug resolved
#3

Updated by Stefaan Vanbillemont almost 9 years ago

  • Project changed from Chamilo LCMS Connect to Common
  • Category deleted (21)
#4

Updated by Stefaan Vanbillemont almost 9 years ago

  • Target version changed from 21 to 2.1.0

Also available in: Atom PDF