httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <mar...@apache.org>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 17:09:15 GMT
On Tue, Jan 13, 2004 at 09:35:15AM -0500, Jim Jagielski wrote:
> I didn't propose this to create (yet another) heated discussion,
> simply to suggest that we take ServerTokens to its logical
> conclusion based on some requests I've seen. :)

Yes. I agree with Lars that "security by obscurity" is not the way to
go -- I would never use it for increased security.

However, I *would* use it to fingerprint certain features of my servers
(like PHP which adds a X-Powered-By: PHP/...) as part of the Server:
string.

OTOH, it sounds to me as if most people object because they don't want
to lose Apache's Netcraft share ;-)

So, +.75 from me.

  Martin
-- 
<Martin.Kraemer@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Mime
View raw message