Hello! On Mon, Oct 20, 2014 at 07:24:27PM +0200, Stefanita Rares Dumitrescu wrote:
> > On 20/10/2014 07:46, Maxim Dounin wrote: > >I always wonder why people think that hiding versions improves > >security. > > > >http://en.wikipedia.org/wiki/Security_through_obscurity > > > > > Usually this is done as a preventive measure against 0days if you're not > around to fix stuff for instance. automated scanners will scan for a certain > version. If it's not available, you have a time buffer when you can patch > your stuff, without popping on automated scanners. Assuming that you'll have a time buffer is a catch. You won't. And the worst thing is that your own automated scanners won't be able to notify you about known problems if there are any. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
