I don't believe in relying on security-through-obscurity...
I couldn't agree more, but it shows up as a 'warning' in Nessus, and my boss wants it cleared up. I don't intend to 'rely' on that, but why give some dough-head out there more information than you have to? I've done it to our servers that ARE running apache with: ServerTokens Prod and then all they return is "Apache" without any versioning info, and if you set: expose_php = Off in your /etc/php.ini it won't barf out all of your PHP version information either. I just want to know how to do it in Zope. Thanks, Rick
Mitch Pirtle wrote:
On Tue, 2003-09-30 at 17:46, D. Rick Anderson wrote:
How do we modify the 'Server' string in Zope? My boss is on a security kick, and somebody got him stuck on the term 'banner grabbing'. I just want to put something in there that doesn't identify the server or version.
Are you hosting zope behind apache? You may need to do your trickery there...
-- mitchy
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )