Lars Eilebrecht wrote:
> 
> According to Jim Jagielski:
> 
> > I didn't propose this to create (yet another) heated discussion,
> 
> too late ;)
> 
> 
> > simply to suggest that we take ServerTokens to its logical
> > conclusion based on some requests I've seen. :)
> 
> Sorry, but I don't see this as the logical conclusion of
> the ServerTokens directive.
> Being able to manage what third-party modules put in the
> server header is one thing, but changing the header to
> an arbitrary thing does not seem logical to me, nor is
> it a security feature.
> 

ServerTokens allows more than just the removal of
the module descriptions. For what other "reason"
does the ability to go from

   Apache/2.0.49-dev (Unix)
       to
   Apache/2.0.49-dev
       to
   Apache/2.0
       to
   Apache/2
       to
   Apache

provide rather than ways to "obscure" "relative"
information about this specific build of Apache?
Certainly Admins do this because "I don't want people
to know what specific version of Apache I'm using".

I'm not really as Pro this "enhancement" as it may
seem :)


-- 
===========================================================================
   Jim Jagielski   [|]   [EMAIL PROTECTED]   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson
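
Added example, not part of the original message or of Apache's own code: a small Python check that maps an observed `Server` header onto the ServerTokens level that would produce it, following the progression listed in the message, so an admin can audit how much build detail each host discloses. The keyword names are Apache's documented ServerTokens values; the host names and the mod_ssl token in the sample are constructed.

```python
import re

# ServerTokens keywords, most to least verbose. The header shapes follow
# the progression in the message above; "Full" adds module tokens after the OS.
_LEVELS = [
    ("Full",  re.compile(r"^Apache/\d+\.\d+\.\d+\S* \([^)]+\) \S.*$")),
    ("OS",    re.compile(r"^Apache/\d+\.\d+\.\d+\S* \([^)]+\)$")),
    ("Min",   re.compile(r"^Apache/\d+\.\d+\.\d+\S*$")),
    ("Minor", re.compile(r"^Apache/\d+\.\d+$")),
    ("Major", re.compile(r"^Apache/\d+$")),
    ("Prod",  re.compile(r"^Apache$")),
]

def classify_server_header(value):
    """Return the ServerTokens level matching a Server header, or None."""
    value = value.strip()
    for level, pattern in _LEVELS:
        if pattern.match(value):
            return level
    return None  # not an Apache-style header (or a customised one)

def audit(observed, allowed=("Prod",)):
    """List (host, level, header) for hosts disclosing more than `allowed`."""
    findings = []
    for host, header in sorted(observed.items()):
        level = classify_server_header(header)
        if level is not None and level not in allowed:
            findings.append((host, level, header))
    return findings

# Constructed sample: hypothetical hosts and the headers they returned.
SAMPLE = {
    "www.example.test": "Apache/2.0.49-dev (Unix)",
    "static.example.test": "Apache",
    "api.example.test": "Apache/2.0",
    "legacy.example.test": "Apache/2.0.49-dev (Unix) mod_ssl/2.0.49-dev",
    "proxy.example.test": "nginx",
}

if __name__ == "__main__":
    for host, level, header in audit(SAMPLE):
        print(f"{host}: ServerTokens {level} -> {header!r}")
```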
