[Zope] Hiding header?
Tino Wildenhain
tino at wildenhain.de
Wed Jan 5 09:56:28 EST 2005
On Thu, 2005-01-06 at 01:48 +1100, Andrew Milton wrote:
> +-------[ Jens Vagelpohl ]----------------------
> |
> | On Jan 5, 2005, at 15:31, Shane Graber wrote:
> |
> | >Added security -- same reason why you can setup Apache to not
> | >broadcast what version it is. There's no reason to broadcast what
> | >versions of software we're running.
> | >
> | >Shane
> | >
> | >
> | >On Wed, 05 Jan 2005 15:07:25 +0100, Tino Wildenhain
> | ><tino at wildenhain.de> wrote:
> | >>On Wed, 2005-01-05 at 08:35 -0500, Shane Graber wrote:
> | >>
> | >>Btw. what do you think you gain if you hide that information?
> |
> | Ah, yes, the Micro$haft kind of security... hehe.
> |
> | Sorry, "security by obscurity" will not make your system any more
> | secure. Don't delude yourself.
>
> It's not the same as posting a sign saying that your door is unlocked.
Err. seriously, where is a Zope door unlocked? I mean, every visitor
can find out with little effort if its zope running or something else.
And Zope is probably one of the most secure web application solutions
you could get. (Sure you can drill holes in it if you try really hard
as zope admin :-) But out-of-the-box its really secure. Name any
exploit you know.
Regards
Tino
More information about the Zope
mailing list