[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#170732: (no subject)



also sprach Thom May <thom@debian.org> [2003.07.29.1027 +0200]:
> No, obscurity is almost never a useful measure. Unless you have
> exploitable software that you don't want people to know about.

This is a debateable issue. Note that I am not saying that obscurity
is a security mechanism. But what I am saying is that given security
of a system, obscurity is a means to make snooping more difficult.
I believe that security must be unaffected by how much an attacker
knows about my infrastructure and servers. However, I also don't see
*any* reason why Apache should advertise its version number. It's
extra information that is not needed by anyone other than curious
admins.

-- 
Please do not CC me when replying to lists; I read them!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: pgpXd2ZJdStgR.pgp
Description: PGP signature


Reply to: