--On November 15, 2005 10:01:09 AM -0500 Joshua Slive <[EMAIL PROTECTED]> wrote:

changing a default like this on a 2.0 to 2.2 upgrade, and I'd prefer it
if you put it back to "off".

There is a basic issue of applications which trust the SERVER_NAME variable
to contain something sensical.  When used in the response, it can (and has!)
created XSS vulnerabilities, notably our own in the error messages.

Something to ponder.

Bill
