httpd-dev mailing list archives

From Gregory A Lundberg <lundb...@vr.net>
Subject Re: [PATCH] Depreciate SERVER_SUBVERSION and reorder server_version
Date Sat, 09 May 1998 15:25:24 GMT
On Sat, 9 May 1998, Jim Jagielski wrote:

> This patch totally removes the SERVER_SUBVERSION hack. This forces
> people to use ap_add_version_componant. Also, it adjusts things so
> that it appends rather than prepends the tokens to the server_version
> string. Thus, it reflects the order in which they were added. Also
> includes Paul's "make ap_get_server_version sane" fix:

Dumb question.  Can I, as a web master, easily turn off this junk without
having to hack the code?  My fear is that add-on authors will stuff
identification strings in willy-nilly and some exploit will turn up
directed at servers with that add-on.

Source code availability is NOT configurability.  For many of us, it's
critically important to know we are running a clean copy, with just those
add-ons we choose and WITHOUT having to keep track of local hacks.  So
here's a vote from a lurker:

-1 on all changes to support server subversions in runtime unless and
until a configuration option is added to the command line or config files
to disable transmission of the version information.

I'd like to see a three-way option: full strings (server version with
subversions and whatever other crap module authors decide to add), server
name and version only (the default), or no strings at all (with a clear note
in the documentation recommending this setting).

For those to whom it's important to see the full strings when they've
been configured off, add them to the mod_info module so we can
access-restrict them.

----

Gregory A Lundberg		Senior Partner, VRnet Company
1441 Elmdale Drive              lundberg@vr.net
Kettering, OH 45409-1615 USA    1-800-809-2195
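
An added example, not part of the original message or of Apache's code: a small audit that classifies a `Server` response header into the three levels proposed above (full, server name and version only, none) and reports hosts that disclose more than the chosen level. The host names, the module name `mod_example` and the header values are constructed sample data.

```python
import re

# One parenthesised comment, or one product token ("name" or "name/version").
_TOKEN = re.compile(r"\(([^()]*)\)|([^\s()/]+)(?:/([^\s()]+))?")

# The three levels from the message, least to most disclosure.
LEVELS = ["none", "server-only", "full"]

def parse_server_header(value):
    """Split a Server header into (kind, name, version) tuples in wire order."""
    parts = []
    for m in _TOKEN.finditer(value or ""):
        if m.group(1) is not None:
            parts.append(("comment", m.group(1).strip(), None))
        else:
            parts.append(("product", m.group(2), m.group(3)))
    return parts

def disclosure_level(value):
    """Classify a header value (None means the header was absent)."""
    parts = parse_server_header(value)
    if not parts:
        return "none"
    # Anything after the first token is platform or add-on detail.
    return "full" if len(parts) > 1 else "server-only"

def audit(headers_by_host, allowed="server-only"):
    """Return {host: [components beyond the allowed level]}."""
    findings = {}
    keep = 0 if allowed == "none" else 1
    for host, value in headers_by_host.items():
        if LEVELS.index(disclosure_level(value)) > LEVELS.index(allowed):
            extra = parse_server_header(value)[keep:]
            findings[host] = [n if v is None else f"{n}/{v}" for _, n, v in extra]
    return findings

# Constructed sample: Server header observed per host.
SAMPLE = {
    "www.example.test": "Apache/1.3.0 (Unix) mod_example/0.1",
    "static.example.test": "Apache/1.3.0",
    "api.example.test": None,
}

if __name__ == "__main__":
    for host, extra in audit(SAMPLE).items():
        print(f"{host}: discloses beyond server name/version: {extra}")
```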

