httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Taco Fleur" <tacofl...@nella.net.au>
Subject RE: [users@httpd] Stop Apache from reporting version number anywhere..
Date Mon, 26 Jan 2004 03:38:14 GMT
> Because hiding your version number doesn't do anything to 
> patch security holes.  You are 100% as vulnerable to whatever 
> vulnerabilities you may have regardless of what version 
> number your server advertises.  It's not going to stop you 
> from being hacked, if that's what you were thinking. 
> An analogy would be placing a post-it note on your front door 
> that says "There is no big-screen TV inside." when any 
> burglar can see plainly in your front window that in fact 
> there is a large big-screen TV sitting right there in the living room.

I didn't think it would patch any security holes.

I don't agree with what you are saying, I believe displaying the webserver
software and version is like giving someone my Bank name, account type and
branch address, all they need to find out is what my PIN is.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message