httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hugh E Cruickshank" <>
Subject RE: [users@httpd] Directory hiding
Date Tue, 16 Sep 2008 23:07:08 GMT
From: André Warnier Sent: September 16, 2008 15:44
> Hugh E Cruickshank wrote:
> [...]
> > I hear you but the client's security consultant (or whatever) is
> > making the recommendation based on the software's report and the
> > client is exercising due diligence by reporting the issues to us and
> > we are trying to keep the client satisfied. If I can accomplish that
> > without undue effort then I will. client's tend to appreciate the
> > effort.
> Might your client appreciate if your own due diligence pushed you to
> inform them that their security consultant is telling them nonsense,
> and that it might be time to upgrade it ?
> ;-)

That may well be the case. This particular client is still in the pre-
sales phase and I would be thrashing around in uncharted waters. It
would not be very politic of me to say point out that their security
consultant does not know what they are talking about when it turns
out that it was done by an internal department or worse yet the
president's brother-in-law (or some other such dubious qualification).

I will probably end up saying something about it not being a very
serious threat but we are such good guys we fixed it anyway. Well
maybe not that exactly, I will let the sales people spin it to their
hearts content.

Regards, Hugh

Hugh E Cruickshank, Forward Software,

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message