You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Martin Kraemer <Ma...@Fujitsu-Siemens.com> on 2001/11/06 14:58:20 UTC
Re: [PATCH] for ServerSignatures / ServerTokens
On Tue, Oct 16, 2001 at 11:17:07PM -0700, Dirk-Willem van Gulik wrote:
>
> Hmm - as always these things are a little trickier than anticipated; as
> there is some cleverness surrounding the server string.
Okay, but back to the original question: should the version number in
the SERVER_SIGNATURE not be suppressed when the user configures
"ServerTokens ProductOnly" ?
That was a security concern of at least two users when they interviewed
me at the Systems'2001
Martin
--
<Ma...@Fujitsu-Siemens.com> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
Re: [PATCH] for ServerSignatures / ServerTokens
Posted by Thomas Eibner <th...@stderr.net>.
On Tue, Nov 06, 2001 at 02:04:23PM -0500, Rodent of Unusual Size wrote:
> Martin Kraemer wrote:
> >
> > Okay, but back to the original question: should the version number in
> > the SERVER_SIGNATURE not be suppressed when the user configures
> > "ServerTokens ProductOnly" ?
>
> IMHO, the server signature that appears on pages should track
> the value sent in the Server response header field.
The patch that I gave to the inital thread does exactly that and nothing
more.
Sorry for the reply to an older mail, but I'm trying to bring up something
in the first thread about the server tokens.
--
Thomas Eibner <http://thomas.eibner.dk/> DnsZone <http://dnszone.org/>
mod_pointer <http://stderr.net/mod_pointer>
Re: [PATCH] for ServerSignatures / ServerTokens
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Martin Kraemer wrote:
>
> Okay, but back to the original question: should the version number in
> the SERVER_SIGNATURE not be suppressed when the user configures
> "ServerTokens ProductOnly" ?
IMHO, the server signature that appears on pages should track
the value sent in the Server response header field.
--
#ken P-)}
Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/
"All right everyone! Step away from the glowing hamburger!"