#2691: Trac shouldn't announce version number
--------------------------+-------------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jonas
Type: defect | Status: closed
Priority: high | Milestone:
Component: general | Version: 0.9.3
Severity: major | Resolution: wontfix
Keywords: security |
--------------------------+-------------------------------------------------
Comment (by eblot):
Note that security auditing tools such as http://www.nessus.org/ report a
big warning when the Apache server tells about its version number.
Although I agree that "security by obscurity" is not a solution, there are
a lot of IT administrators that do not accept that the version of a server
or a web engine is reported to the world. In other words, in a perfect
world the version number disclosure is not an issue, but in the real world
this could prevent Trac from being installed.
For the above reason, I don't think this ticket should have been closed as
`wontfix`.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2691>
The Trac Project <http://trac.edgewall.com/>