[Catalyst] Can you tell if a server is running Catalyst?

Aran Deltac aran at arandeltac.com
Thu May 18 17:03:00 CEST 2006


On 5/18/06, Marcello Romani <mromani at ottotecnica.com> wrote:
> Wijnand Wiersma ha scritto:
> > Daniel McBrearty wrote:
> >> I also like this feature. To my mind, the less is visible about how
> >> the site is implemented, the better, from POV of security.
> > That is IMHO a very bad POV!
> >
>
> Why ?

Because "security through obscurity" is BAD.  Security through
properly tested and hardened systems is GOOD.  If your system is
properly secure then there is nothing wrong with advertising every
single little bit of software and the version for everyone to see.

If someone feels like they are taking security measures by hiding the
software they use from being known then they are probably less secure
since they are living in a false sense of  security which makes them
lazy.

Aran

> OTOH one can always put a "Catalyst x.xx" string in the server signature.
>
> > Wijnand
> >
> > _______________________________________________
> > Catalyst mailing list
> > Catalyst at lists.rawmode.org
> > http://lists.rawmode.org/mailman/listinfo/catalyst
> >
> >
>
>
> --
> Marcello Romani
> Responsabile IT
> Ottotecnica s.r.l.
> http://www.ottotecnica.com
>
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
>



More information about the Catalyst mailing list