Hi I have just completed building my application using the elgg framework. One of the ways to improve security is to hide the components that are used to build an application. When I run my application on this website (http://guess.scritch.org/) it shows that my application is built using elgg. How can I make the framework invisible to those who might want to find out with malicious intent.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- ura soul@tunist
ura soul - 0 likes
- Matt Beckett@Beck24
Matt Beckett - 0 likes
- Evan Winslow@ewinslow
Evan Winslow - 0 likes
- S.Brady.Hussain@sz1hosting
S.Brady.Hussain - 0 likes
- Kibui Kenneth Maina@mainakibui
Kibui Kenneth Maina - 0 likes
You must log in to post replies.theoretically you could run a search / replace for 'elgg' and 'elgg-' and 'elgg_' on the whole project and replace with nothing/null. probably you would need to do that in the database as well.
then also remove the version code and other fields from the page header. also using the pagehandler_hijack plugin to change the default page addresses would be useful.
if you do this, be sure to test it out on a blank installation of elgg first!
Even then you'd be hard pressed to fully hide it all, it's not worth the effort. There's no security risk as long as you keep your site up to date with latest releases anyway.
Making Elgg detectable is good for the Elgg project since we can get stats from services like builtwith.com.
Trying to hide your use of Elgg is "security through obscurity" and does not provide enough value for effort. Better to just focus on keeping your Elgg code up to date and report security bugs to security at elgg dot org if you find them.
i asked about this ages ago, as people have said here it is not worthit as you will surely use something that will give it away as a elgg site it would need you to recode elgg itself if you do this please let me know ^_^
Thanks everyone. I think I will keep things the way they are.