On Tue, Jan 13, 2004 at 09:35:15AM -0500, Jim Jagielski wrote: > I didn't propose this to create (yet another) heated discussion, > simply to suggest that we take ServerTokens to its logical > conclusion based on some requests I've seen. :)
Yes. I agree with Lars that "security by obscurity" is not the way to go -- I would never use it for increased security. However, I *would* use it to fingerprint certain features of my servers (like PHP which adds a X-Powered-By: PHP/...) as part of the Server: string. OTOH, it sounds to me as if most people object because they don't want to lose Apache's Netcraft share ;-) So, +.75 from me. Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
