Re: HEAD / HTTP/1.0 - To sign or not to sign?

[Owen Boyle]

[EMAIL PROTECTED] wrote:

> Does this make the person who fits a burglar alarm unethical? 

You compare hiding the server signature to fitting a burglar alarm or a
lock to your door. This is not quite accurate. It is more like etching
the word "Yale" or "Chubb" off your door lock with acid in the vain hope
that the burglar will leave you alone because he doesn't know what kind
of lock you have.

The burglar alarms and locks of the web are firewalls and
well-maintained systems. It is pointlessly deluded paranoia to restrict
your server signature.

Also, Michael is precisely correct - if everyone does this any advantage
it offers disappears and everyone is equally likely to be hacked again
(a defaulter society). You only get a slight advantage while some users
still advertise and only if signed sites are weaker than yours. If the
signed sites are all robust, the hackers will eventually come knocking
on those which are trying to hide...

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]