MyBB Community Forums

MyBB Community Forums > Development > Suggestions and Feedback > JS version var value
Full Version: JS version var value
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Matt

2017-01-17, 06:43 PM
Right now we put the version number at the end of javascript files to bust the cache on upgrades, however in doing this we can sometimes expose what version someone is (or isn't) running - could we not do it another way?

I was thinking have another cache variable, like the 'encryption_key' value, and put this at the end of the files. Then, at the end of each upgrade, we generate a new key, which would still bust the cache, but also not give away any version number information.

It would mean all the files get cache-busted instead of only the ones that have changed, but considering browsers will expire caches every so often anyway, I don't believe re-caching all the javascript every few months to really be a problem.

laie_techie

2017-01-17, 07:31 PM
Matt, your suggestion would work unless every site uses the same 'encryption_key' value. In this case, someone only need google for that encryption_key to find out the version of MyBB in use.

dragonexpert

2017-01-17, 07:41 PM
+1 for changing the value.

StefanT

2017-01-17, 07:41 PM
Or they could simply compare the JS files to get to know the version. Wink

Matt

2017-01-17, 08:09 PM
(2017-01-17, 07:31 PM)laie_techie Wrote: [ -> ]Matt, your suggestion would work unless every site uses the same 'encryption_key' value. In this case, someone only need google for that encryption_key to find out the version of MyBB in use.

I figured it'd be randomly generated per upgrade (I think encryption_key is generated on install), stored in the cache, and then output with {$mybb->js_cache_key} or something in the templates. Then it's different every upgrade for every forum.

This way, we also wouldn't need to bother updating templates just to change a version number if the js file changes.

(2017-01-17, 07:41 PM)StefanT Wrote: [ -> ]Or they could simply compare the JS files to get to know the version. Wink

Potentially, not saying it's going to outright stop them figuring out a version, but have always found it strange we have a setting to hide the version number in the footer, but display it in the source code anyway. if it's only there to bust the cache, it can be a random string, doesn't need to be specific to the current version.

Devilshakerz

2017-01-17, 09:24 PM
Related: https://community.mybb.com/thread-156843...pid1089564

Corey H

2017-01-17, 10:46 PM
Never understood this either. Another great idea that should be taken care of.

Ben

2017-01-18, 11:35 PM
I think it's too late a change to be making at this point in 1.8. Let's not forget that 1.8 has been limited to bug fixes only for a while now.

Matt

2017-01-19, 12:16 PM
The secure cookies flag and report reasons section were bugs?
MyBB Community Forums > Development > Suggestions and Feedback > JS version var value