[Bug 205996] Re: ServerTokens Full in apache2.conf (security risk?)
Adam Conrad
adconrad at 0c3.net
Sat Apr 4 00:35:48 BST 2009
It's been argued by others in the past, but I honestly don't see how
full ServerTokens are a security risk. If you prefer not to show them,
you can change it, but most bots out there don't look for what
extensions you may be running before they attempt to attack you.
And, honestly, most attack vectors are through broken applications (like
PHP web forums, for instance), and if you have the application running,
it's pretty obvious that you're also using the language underlying that
application in some form or another.
--
ServerTokens Full in apache2.conf (security risk?)
https://bugs.launchpad.net/bugs/205996
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list