[Pro] meta name=GENERATOR

Tomek · November 29, 2012, 10:25pm

Any way to stop generation of this HTML line?

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Tim3 · November 29, 2012, 11:27pm

Hi Tomek,
There’s a bug in Freeway that means if you try and remove this from a child page the master simply puts it back in again. Go to the master page and remove it there.
Regards,
Tim.

On 29 Nov 2012, at 22:25, Tomek wrote:

Any way to stop generation of this HTML line?

FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro - http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Ernie_Simpson · November 30, 2012, 12:41am

I’d be curious as to why delete the Freeway Pro reference? Years ago, I
would delete it because - as a professional designer - I was sensitive to
being looked-at differently for using a tool whose marketing implied that I
may not know as much about building websites as my competitors who didn’t
use it.

Nowadays I am happy to display the generator tag and openly discuss my
tools and methods with clients. Skill does not depend on the kind of tool
used, but what you can do with it. Besides, there is a practical reason to
record the version of Freeway used for future reference and troubleshooting.

–
Ernie Simpson

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Tomek · November 30, 2012, 1:16am

Ernie,

In principle I fully agree with you and if I will design my private site in FW I would be more than happy to keep the meta line. Also when someone uses FOC software this is somehow way of obligation and must to keep this sort of reference. In case of commercial software the situation is different. Some customers strongly believe that showing the reference may generate same security problems as always this is some sort of tip for a hacker showing what technology was used for building a site. It is hard for me to say if in case of FW we have even shadow of this sort of problems but I saw hundreds of e.g. PHP software-generated pages extremely easy to compromise.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · November 30, 2012, 2:23am

There is no way to compromise an Apache-served static HTML site. Period. If you have any sort of dynamic code – be it CGI with Perl or PHP, or Java, or Ruby on Rails – there will always be a way for the extremely patient hacker to dig a hole in your code and do Evil Things. Telling the visitor that you’re using Joomla or Drupal or whatever will give them a hint, but really you are only saving a few seconds for the determined hacker – there are ways to “profile” a site and tell what framework it uses.

One of my client’s site runs Joomla, and I have written some external server code that records the “fuzzing” attempts made against it. These are scattershot requests for files that would only exist on one version of one application server or another, and they are a remarkably accurate way to figure out exactly what you’re running. These toolkits are widely available and automatic, and they crawl the web continuously looking for unsecured versions of frameworks to attack. My system records the attempt, and then sends them to the 404 page. Hopefully we keep them guessing.

Walter

On Nov 29, 2012, at 8:16 PM, Tomek wrote:

Ernie,

In principle I fully agree with you and if I will design my private site in FW I would be more than happy to keep the meta line. Also when someone uses FOC software this is somehow way of obligation and must to keep this sort of reference. In case of commercial software the situation is different. Some customers strongly believe that showing the reference may generate same security problems as always this is some sort of tip for a hacker showing what technology was used for building a site. It is hard for me to say if in case of FW we have even shadow of this sort of problems but I saw hundreds of e.g. PHP software-generated pages extremely easy to compromise.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Ernie_Simpson · November 30, 2012, 2:30am

No problems from me, my interest is almost purely academic and thank you
for your answer. I’ve always had a thing about how the Pro product has been
marketed.

Even without the generator line, Freeway Pro sites are still quite
recognizable. Is there another code generator out there that generates
in-line style code or names the first div PageDiv? lol!

No, seriously… is there?

–
Ernie Simpson

On Thu, Nov 29, 2012 at 8:16 PM, Tomek email@hidden wrote:

Ernie,

In principle I fully agree with you and if I will design my private site
in FW I would be more than happy to keep the meta line. Also when someone
uses FOC software this is somehow way of obligation and must to keep this
sort of reference. In case of commercial software the situation is
different. Some customers strongly believe that showing the reference may
generate same security problems as always this is some sort of tip for a
hacker showing what technology was used for building a site. It is hard for
me to say if in case of FW we have even shadow of this sort of problems but
I saw hundreds of e.g. PHP software-generated pages extremely easy to
compromise.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Tomek · November 30, 2012, 3:30pm

On 30 Nov 2012, 1:24 am, waltd wrote:

There is no way to compromise an Apache-served static HTML site. Period. If you have any sort of dynamic code – be it CGI with Perl or PHP, or Java, or Ruby on Rails – there will always be a way for the extremely patient hacker to dig a hole in your code and do Evil Things. Telling the visitor that you’re using Joomla or Drupal or whatever will give them a hint, but really you are only saving a few seconds for the determined hacker – there are ways to “profile” a site and tell what framework it uses.

Yes - in general you are right. static HTML site is very difficult to crack in comparison to dynamic sites. There is why I wrote - “some customers believe” - some customers - not me. From the other hand there is always the risk of Apache compromise - but this is totally different story

One of my client’s site runs Joomla, and I have written some external server code that records the “fuzzing” attempts made against it. These are scattershot requests for files that would only exist on one version of one application server or another, and they are a remarkably accurate way to figure out exactly what you’re running. These toolkits are widely available and automatic, and they crawl the web continuously looking for unsecured versions of frameworks to attack. My system records the attempt, and then sends them to the 404 page. Hopefully we keep them guessing.

As I wrote - I do not have shadow of idea if FW uses or produces dynamic code (e.g. Actions?). I am very fresh with this solution … and as I wrote - some customers do not want to make Meta-Generator tag visible. Only that and as much as that. BTW - I remember the same sort of discussion approx. 10 years ago about NOF - some issues are always hot :-;

If someone allows dynamic sites to be connected directly to Internet it means that he really do not care about data. Dynamic sites - if we are talking about serious applications - should be always protected by WAF

Cheers,

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options