[Zope] Hiding header?
Andrew Milton
akm at theinternet.com.au
Wed Jan 5 10:23:45 EST 2005
+-------[ Tino Wildenhain ]----------------------
| On Thu, 2005-01-06 at 02:11 +1100, Andrew Milton wrote:
| > +-------[ Tino Wildenhain ]----------------------
| > | On Wed, 2005-01-05 at 09:55 -0500, Shane Graber wrote:
| > | > Yes, but that's no reason why not to lock down other items as well.
| > |
| > | Paint a door just in a different color does not really mean you locked
| > | it.
| >
| > Noone is saying, don't lock it. Noone is saying that removing version numbers
| > is a solution by itself. But it certainly ADDS something.
| >
| > If it didn't there wouldn't be such an effort to prevent OS types and versions
| > from being decoded by passive scanning.
| Attackers choose the simplest way to get in - and a running zope
| just is not. So better spent the time in making all that other
| services even close to the secureness of zope. Next you can think
| about hiding the version number.
Are you volunteering to go around to all the authors of all the products listed on
the Downloads pages of zope.org (with or without a bat)? d8)
--
Andrew Milton
akm at theinternet.com.au
More information about the Zope
mailing list