httpd-dev mailing list archives

From Colm MacCarthaigh <c...@stdlib.net>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:13:24 GMT

On Tue, Jan 13, 2004 at 03:04:30PM +0100, Lars Eilebrecht wrote:
> - It's only security by obscurity and providing such a
>   "security feature" may be misleading for our users.
> - We don't want people to obfuscate the server name, do we?

It's a terrible terrible terrible idea, and makes auditing your
own network much much harder, but it's really a decision for
administrators to make - if they want to shoot themselves in the
foot, let them :)

> If people really want to change it they can always do
> that at compile time, but we should not encourage it
> by providing a configuration directive for it.

Most admins never compile apache :)

-- 
Colm MacCárthaigh                        Public Key: colm+pgp@stdlib.net
