[Catalyst] Can you tell if a server is running Catalyst?
Marcello Romani
mromani at ottotecnica.com
Thu May 18 17:55:53 CEST 2006
Aran Deltac wrote:
> On 5/18/06, Marcello Romani <mromani at ottotecnica.com> wrote:
>> Wijnand Wiersma wrote:
>>> Daniel McBrearty wrote:
>>>> I also like this feature. To my mind, the less is visible about how
>>>> the site is implemented, the better, from POV of security.
>>> That is IMHO a very bad POV!
>>>
>> Why ?
>
> Because "security through obscurity" is BAD. Security through
> properly tested and hardened systems is GOOD. If your system is
> properly secure then there is nothing wrong with advertising every
> single little bit of software and the version for everyone to see.
>
> If someone feels like they are taking security measures by hiding the
> software they use from being known then they are probably less secure
> since they are living in a false sense of security which makes them
> lazy.
>
> Aran
While I agree with you, especially when you talk about a "false sense of
security", I also think that rejecting the concept of security through
obscurity does not mean automatically exposing every bit of information
about one's system.
Just to make an example, the fact that my apache server signature
doesn't show its exact version does not mean I'm more protected against
attacks; nonetheless, if this simple measure can lower the probability
that a script kiddie or a bot will try a particular exploit against my
web server, then I'd definitely adopt it.
>
>> OTOH one can always put a "Catalyst x.xx" string in the server signature.
>>
>>> Wijnand
Marcello
PS I think this thread is getting quite OT !-)
>>>
>>> _______________________________________________
>>> Catalyst mailing list
>>> Catalyst at lists.rawmode.org
>>> http://lists.rawmode.org/mailman/listinfo/catalyst
>>>
>>>
>>
>> --
>> Marcello Romani
>> IT Manager
>> Ottotecnica s.r.l.
>> http://www.ottotecnica.com
>>
--
Marcello Romani
IT Manager
Ottotecnica s.r.l.
http://www.ottotecnica.com