httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <Martin.Krae...@Fujitsu-Siemens.com>
Subject Re: [PATCH] for ServerSignatures / ServerTokens
Date Tue, 06 Nov 2001 13:58:20 GMT
On Tue, Oct 16, 2001 at 11:17:07PM -0700, Dirk-Willem van Gulik wrote:
> 
> Hmm - as always these things are a little trickier than anticipated; as
> there is some cleverness surrounding the server string.

Okay, but back to the original question: should the version number in
the SERVER_SIGNATURE not be suppressed when the user configures
"ServerTokens ProductOnly" ?

That was a security concern of at least two users when they interviewed
me at the Systems'2001

   Martin
-- 
<Martin.Kraemer@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Mime
View raw message