Hacker News new | past | comments | ask | show | jobs | submit login

> I don't think a small nudge to actually pay for the thing that benefits you, or have a small note somewhere that you're not paying for it that someone might--gasp!--see, is as big a deal as the histrionics throughout this thread suggest. You don't have a problem because there's an HTTP header,

The problem with the HTTP header is that it reveals details about which www server you're running to the user, who may be a potential attacker. This makes it easier for a potential attacker to select tools with which to attack you. Apache and Nginx (and most likely other web servers) offer config settings which disable emitting information about the software and version in use. There are other ways to guess the software/version but it becomes harder.

This is an actual security problem, not some issue of feelings.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: