You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2022/11/04 01:23:15 UTC

[GitHub] [couchdb] yzgang76 opened a new issue, #4258: How to hide the version of CouchDB and Erland in the response header

yzgang76 opened a new issue, #4258:
URL: https://github.com/apache/couchdb/issues/4258

   [NOTE]: #How to hide the version of CouchDB and Erland in the response header
   
   ## Description
   In the Rest API response headers, the 'Server' expose the verison of CouchDB and Erland
   
   Server | CouchDB/3.2.2 (Erlang OTP/23)
   
   for security reseason, is it possible to hide the Server information? 
   
   [NOTE]: # ( Describe the problem you're encountering. )
   [TIP]:  # ( Do NOT give us access or passwords to your actual CouchDB! )
   
   ## Steps to Reproduce
   Send a Rest Request 
   
   [NOTE]: # ( Include commands to reproduce, if possible. curl is preferred. )
   
   ## Expected Behaviour
   
   Hide 'Server' in the response headers
   
   
   [NOTE]: # ( Tell us what you expected to happen. )
   
   ## Your Environment
   
   [TIP]:  # ( Include as many relevant details about your environment as possible. )
   [TIP]:  # ( You can paste the output of curl http://YOUR-COUCHDB:5984/ here. )
   
   * CouchDB version used:
   * Browser name and version:
   * Operating system and version:
   
   ## Additional Context
   
   [TIP]:  # ( Add any other context about the problem here. )
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [couchdb] big-r81 closed issue #4258: How to hide the version of CouchDB and Erland in the response header

Posted by GitBox <gi...@apache.org>.

big-r81 closed issue #4258: How to hide the version of CouchDB and Erland in the response header
URL: https://github.com/apache/couchdb/issues/4258


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [couchdb] big-r81 commented on issue #4258: How to hide the version of CouchDB and Erland in the response header

Posted by GitBox <gi...@apache.org>.

big-r81 commented on issue #4258:
URL: https://github.com/apache/couchdb/issues/4258#issuecomment-1303109564

   Hi,
   
   there is no config option to disable the server version header. If you really need to hide this, you need to comment out [these](https://github.com/apache/couchdb/blob/7f1d2b2ed63be13a7297e0d229b78e620a4204b8/src/couch/src/couch_httpd.erl#L1206-L1208) lines and compile CouchDB by yourself. The server header will then be replaced by a default one from MochiWeb.
   
   Please keep in mind that security by obscurity alone does not create a higher level of security.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org