httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <p...@netcraft.co.uk>
Subject Re: SERVER_SOFTWARE
Date Fri, 28 Jul 1995 12:10:40 GMT
In reply to Brian Behlendorf who said
> 
> On Thu, 27 Jul 1995, Andrew Wilson wrote:
> > 	this is just a thought prompted by Paul Richards.  It'd be kind of
> > nice to figure out what OS people are running their server on.
> 
> Many would consider this a security hole, and most internet daemons have 
> removed this information (i.e. wu-ftpd, sendmail, etc).  The recent spat 
> of "Olga" messages made themselves untraceable by specifically going 
> through broken IBM VMS mailers who trusted whatever the client told them 
> in the HELO message.  I'd consider putting information about extensions 
> in there a security hole too, perhaps even worse.  Just a note of 
> caution, I wouldn't veto it but I wouldn't +1 it either.
> 

Well, having discussed this with some people I think you're right and that
this would be considered an undesirable feature on the part of users 
although it's obviously very desirable on the part of us developers :-).
I probably would veto it now (do I even have a vote?) even though I sugeested
it in the first place :-)

-- 
  Paul Richards, Bluebird Computer Systems. FreeBSD core team member. 
  Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
  Phone: 0370 462071 (Mobile), +44 1222 457651 (home)

Mime
View raw message