httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <p...@netcraft.co.uk>
Subject Re: SERVER_SOFTWARE
Date Fri, 28 Jul 1995 12:15:42 GMT
In reply to Robert S. Thau who said
> 
> Hmmm... if I understand the argument here, you're saying that server
> software which identifies its particulars may thereby advertise which
> holes it had.  Taken to the limit, one could argue that it's best not
> to say even what the server version is.
> 
> I think I'm missing something...

No you're not, I was. Hey, we were sitting in a pub and I did just make
a of the top of my head remark that it would be nice to see how many
of these boxes were running FreeBSD :-)

You're right, it's a really bad idea the primary reason being the
one you mention, that advertising OS and version numbers is also advertising
security holes. 

This is also true for the server and should be something you consider.


-- 
  Paul Richards, Bluebird Computer Systems. FreeBSD core team member. 
  Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
  Phone: 0370 462071 (Mobile), +44 1222 457651 (home)

Mime
View raw message