Yes. This can be in the user's code:

response.headers['X-Powered-By'] = 'xping'

On Sunday, 12 April 2020 12:47:31 UTC-7, Alex Beskopilny wrote:
>
> cd web2py/gluon
> grep -r X-Powered-By
> ./globals.py: self.headers['X-Powered-By'] = 'xping'
>
>
> On Sunday, 12 April 2020, 16:02:13 UTC+3, Yan Wong wrote:
>>
>> I'm a bit disappointed that web2py by default sets `X-Powered-By: web2py`
>> in the http header, thus making it easier for web-scanning tools to detect
>> the software running behind a web site, and allow more targeted attacks.
>> Is there an easy config option to efficiently turn this off for all pages /
>> json responses etc served by web2py? Also, are there other ways to obscure
>> the fact that it is web2py / python running on a web server, and reduce
>> information disclosure? For example, can anyone detect what python version
>> I'm running by using web queries: I see that rocket server puts the python
>> version in the `Server:` header, which seems bad to me, although my
>> production machine simply returns `Server: nginx` which is a little better,
>> I suppose. I suspect it will never be possible to obscure the software
>> entirely, but anything that makes it harder for the script kiddies seems
>> like an easy win to me.
>>
>
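
The question in this thread asks for a way to drop the header on every page and JSON response. As an added example (not part of the thread and not web2py's own code), a generic WSGI middleware can filter the header list before it reaches the server; `StripHeaders`, `demo_app` and `call` are hypothetical names, and wrapping the WSGI callable your deployment serves is an assumption.

```python
# Added example: WSGI middleware that drops framework-identifying headers
# from every response, whatever controller or view produced it.
# A `Server` header added by the web server itself (Rocket, nginx) is set
# outside the WSGI application and is not affected by this filter.

STRIP = {"x-powered-by"}  # compared case-insensitively


class StripHeaders:
    def __init__(self, app, names=STRIP):
        self.app = app
        self.names = {n.lower() for n in names}

    def __call__(self, environ, start_response):
        def filtered_start(status, headers, exc_info=None):
            # Keep every header whose name is not on the strip list
            kept = [(k, v) for k, v in headers if k.lower() not in self.names]
            return start_response(status, kept, exc_info)
        return self.app(environ, filtered_start)


def demo_app(environ, start_response):
    # Constructed stand-in for an application that announces its framework
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("X-Powered-By", "web2py")])
    return [b"hello"]


def call(app):
    """Invoke a WSGI app once and return (status, headers, body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, headers

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"},
                        start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    print(call(demo_app)[1])                # header present
    print(call(StripHeaders(demo_app))[1])  # header removed
```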