httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:35:15 GMT
Ivan Ristic wrote:
> 
> 
> > As Lars said (and I agree), it has nothing to do with security. Why do you
> > provide such a "feature" then?
> 
>    Because I believe that changing the signature prevents some
>    automated tools from attacking the server.
> 
>    So, the signature
>    does matter.
> 

Without a doubt. Look at how many exploits grep on not only
the "name" of the server but also the version. 

I didn't propose this to create (yet another) heated discussion,
simply to suggest that we take ServerTokens to its logical
conclusion based on some requests I've seen. :)
-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

Mime
View raw message