Return-Path: Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 45380 invoked by uid 500); 19 Jun 2002 21:04:20 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 45367 invoked from network); 19 Jun 2002 21:04:19 -0000 Date: Wed, 19 Jun 2002 14:04:25 -0700 From: Aaron Bannert To: dev@httpd.apache.org Subject: Re: cvs commit: httpd-2.0/docs/error/include bottom.html Message-ID: <20020619140425.E21255@clove.org> Mail-Followup-To: Aaron Bannert , dev@httpd.apache.org References: <20020615070125.44786.qmail@icarus.apache.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020615070125.44786.qmail@icarus.apache.org> User-Agent: Mutt/1.3.23i X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N On Sat, Jun 15, 2002 at 07:01:25AM -0000, rbb@apache.org wrote: > rbb 2002/06/15 00:01:25 > > Modified: docs/error/include bottom.html > Log: > Comment out the SERVER_STRING variable from our default error documents. > Some people do not like having this information in their error pages, and > it makes sense to not do it by default. If users want this back, they > can uncomment it. I'm sorry to have to revisit this, but I'm going to have to -1 this whole thing. I don't want to have to go and enable all of my error docs just because some admins believe it exposes them to risk, which of course is total bunk. If an admin doesn't want to display their server version, they're going to have to turn them off themselves, or we're going to have to provide an easier way to do this. Hiding a variable deep in an included SSI file is not satisfactory. I'm not interested in any default values that encourage security by obscurity. -aaron