Dang, my bad. Sorry about that. Gary
On Fri, Mar 30, 2018 at 10:47 AM, Oliver Heger <oliver.he...@oliver-heger.de > wrote: > Wrong mailing list, guys? > > Http Client is not part of Apache Commons. > > Oliver > > Am 30.03.2018 um 18:44 schrieb Mark Thomas: > > On 30/03/18 12:22, ajs6f wrote: > >> For at least some cases, this wouldn't be good for security. > > > > That is debatable. > > > > Providing exact version information is highly unlikely (I almost wrote > > impossible but never say never) to create a vulnerability. > > > > It might make a vulnerability more obvious but if the client is > > vulnerable, it is vulnerable whether or not the version information is > > provided. > > > > Trying to hide the version information (it may be exposed indirectly > > elsewhere) is security by obscurity which is no security at all. > > > > > > The key question for me is does the client OS or Java version matter? > > Why might this information be useful to a sever? > > > > > > I do have a privacy concern. As a user I may not wish to expose my > > choice of JRE or OS to the server. > > > > > > My default position would be not to send it at all. Depending on the > > answer to "How is this info useful?", I could be persuaded to support > > making it optional, possibly even present by default. > > > > Of course, all of this is from the peanut gallery as I haven't > > contributed to this component and am unlikely to do so any time soon. > > > > Mark > > > > > >> I would prefer that this be configurable (via HttpClientBuilder and/or > > system props) and not the default. > >> > >> ajs6f > >> > >>> On Mar 29, 2018, at 6:20 PM, Gary Gregory <garydgreg...@gmail.com> > wrote: > >>> > >>> Hi All: > >>> > >>> Right now, the HttpClient is of the form: > >>> > >>> User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_162) > >>> > >>> With the stack I am working with, it would be handy if the header > reflected: > >>> > >>> - The Java vendor > >>> - Operating system name and version. > >>> > >>> For example: > >>> > >>> User-Agent: Apache-HttpClient/4.5.5 (Oracle Corporation/Java/1.8.0_162) > >>> Windows/10.0 (amd64) > >>> > >>> Any thoughts for or against adding this to the user agent string? > >>> > >>> Gary > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >> For additional commands, e-mail: dev-h...@commons.apache.org > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
