Saturday, 7 February 2015

Why use one URL for all "pages" on my site?



I have heard that I should (A) use one URL for all "pages" on my site, such that what page is shown is determined by the session state, and (B) not use an extension like .php. One curious fellow even claimed (C) in a talk that people should not return 200 codes but should use randomly chosen codes.


I guess I understand B and C as these confuse would-be attackers who are running Nikto or Skipfish or whatever.


What are the reasons for doing the solo endpoint? It could be a lot of work to convert my PHP4 code to use only one endpoint since I have maybe 40 PHP files. I would've thought that attackers would have more trouble dealing with many URLs, one per PHP file.




