Feathers, Rangers, and Ivory Towers

About
Musings about open-source, baseball, and life as a grad student.
By: Justin R. Erenkrantz

Wed, 02 Mar 2005

Bye, bye Blue.

It was a great 12 years. (Wow.)

How about that crew, eh?

Security through obscurity is bad...

One of the arguments that seemed to have been made in favor of dropping the connection instead of sending a 400 Bad Request is that the response provides too much information to attackers. Others have argued against this on the grounds that dropping the connection makes things harder for a client developer.

Well, point me at a web server and I'm likely to be able to track down exactly what version of what web server and OS you are running, even without any explicit information like what is sent in the Server header, and despite any pointless misrepresentation of what server you are using.

The only real defense is to have a secure server to begin with.
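
To make the point above concrete for anyone auditing their own banner-hiding configuration, here is an added example (not code from this post's author). It compares two constructed 400 responses after the Server header is stripped and lists the traits that still tell them apart. The names `ExampleServerA` and `ExampleServerB` and both sample responses are made up for illustration and do not describe any real product.

```python
"""Added illustration: what a response still reveals once the Server header is gone."""

def fingerprint(raw: bytes) -> dict:
    """Extract implementation-dependent traits from one raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    names = [line.split(":", 1)[0] for line in header_lines if ":" in line]
    others = [n for n in names if n.lower() != "server"]
    return {
        "reason_phrase": parts[2] if len(parts) > 2 else "",
        "header_order": tuple(n.lower() for n in others),
        "header_casing": tuple(others),
        "sends_server_header": len(others) != len(names),
    }

def strip_server_header(raw: bytes) -> bytes:
    """Simulate the 'hide the banner' setting on a captured response."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    kept = [l for l in head.split(b"\r\n") if not l.lower().startswith(b"server:")]
    return b"\r\n".join(kept) + sep + body

def differing_traits(a: bytes, b: bytes) -> list:
    """Names of the traits whose values differ between two responses."""
    fa, fb = fingerprint(a), fingerprint(b)
    return sorted(k for k in fa if fa[k] != fb[k])

# Constructed responses of two hypothetical implementations to the same bad request.
IMPL_A = (b"HTTP/1.1 400 Bad Request\r\n"
          b"Date: Wed, 02 Mar 2005 10:00:00 GMT\r\n"
          b"Server: ExampleServerA/1.0\r\n"
          b"Connection: close\r\n"
          b"Content-Type: text/html\r\n\r\n<h1>Bad Request</h1>")
IMPL_B = (b"HTTP/1.1 400 Bad request\r\n"
          b"content-type: text/html\r\n"
          b"Server: ExampleServerB/2.0\r\n"
          b"date: Wed, 02 Mar 2005 10:00:00 GMT\r\n"
          b"connection: close\r\n\r\n<h1>Bad Request</h1>")

if __name__ == "__main__":
    a, b = strip_server_header(IMPL_A), strip_server_header(IMPL_B)
    print("Server header present:", fingerprint(a)["sends_server_header"])
    print("Traits that still differ:", differing_traits(a, b))
```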


Creative Commons Attribution License