tags:

views:

9

answers:

1

We have an idea of creating a page which would display information about all currently loaded DLLs (name and version). Is there any risk in terms of security, i.e. can a malicious user compromise the site security knowning the dll name and version number?

A: 

Knowing .dll version numbers is not inherently a direct risk, though it is good practice to give attackers as little information about your environment as possible. Consider at least protecting your page by requiring authentication and authorization to view it.

kbrimington

related questions