Feature Request: Sensitivity to displaying the build and version on the Login page #17499
Closed
bjornrobertsson
started this conversation in
Feature Requests
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Feature request:
Add a variable or method to hide the 'version' string on the Login Form: [LoginPageView.tsx] https://github.com/coder/coder/blob/v2.21.0/site/src/pages/LoginPage/LoginPageView.tsx
Reason
The appearance of the build and version on the login page could constitute a threat as it may display entirely too much information for a potentially harmful actor.
Making the Version display optional (and suggesting here to make the default so it is not visible). References to this could inlude i.e. techniques available to Apache, Nginx and most 'HTML providers' would mitigate this with either fully limiting or limiting to major/minor or only 'name'.
It would be reasonable to keep the version visible **after login to the site, although practically any means of hiding the version until the end-user is logged in would be acceptable.
Current and older Login forms:
**
Beta Was this translation helpful? Give feedback.
All reactions