[Zope] Banner Grabbing
D. Rick Anderson
ruger at acsnv.com
Tue Sep 30 19:11:32 EDT 2003
> I don't believe in relying on security-through-obscurity...
I couldn't agree more, but it shows up as a 'warning' in Nessus, and my
boss wants it cleared up. I don't intend to 'rely' on that, but why give
some dough-head out there more information than you have to? I've done
it to our servers that ARE running apache with:
ServerTokens Prod
and then all they return is "Apache" without any versioning info, and if
you set:
expose_php = Off
in your /etc/php.ini it won't barf out all of your PHP version
information either. I just want to know how to do it in Zope.
Thanks,
Rick
>
> Mitch Pirtle wrote:
>
>> On Tue, 2003-09-30 at 17:46, D. Rick Anderson wrote:
>>
>>> How do we modify the 'Server' string in Zope? My boss is on a
>>> security kick, and somebody got him stuck on the term 'banner
>>> grabbing'. I just want to put something in there that doesn't
>>> identify the server or version.
>>
>>
>>
>> Are you hosting zope behind apache? You may need to do your trickery
>> there...
>>
>> -- mitchy
>
>
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>
More information about the Zope
mailing list