On Mon, Dec 6, 2010 at 1:56 PM, J.Lance Wilkinson <jlw12@xxxxxxxxxxxxxxx> wrote: > Eric Covener wrote: >> >> On Mon, Dec 6, 2010 at 1:42 PM, Dave Stevens <geek@xxxxxxxxxxxx> wrote: > >> .... >>> >>> Well, I hadn't, but it seems as if from a security point of view it might >>> not >>> be a bad idea. Is there any history or discussion on that? or perhaps a >>> reference I can read up on? >> >> http://httpd.apache.org/docs/current/mod/core.html#servertokens >> >> There hasn't been much discussion that the info should be hidden by >> default. >> > > Well, under the theory that letting a "hacker" know anything about the > platform they may be trying to infiltrate gives them useful information Sorry, I meant discussion beyond this obvious implication of the default value. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx