Re: [Summary-Talk] internal summary Apache

To: summary-talk@xxxxxxxxxxxxxxxxx
Subject: Re: [Summary-Talk] internal summary Apache
From: Alex Pilson <alex@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 1 Nov 2005 13:09:34 -0500
Reply-to: summary-talk@xxxxxxxxxxxxxxxxx
Sender: owner-summary-talk@xxxxxxxxxxxxxxxxx

At 12:53 PM -0500 11/1/05, Jason Linhart wrote:
>Summary does not use Apache internally, nor does Summary's built in web
>server have any features which correspond to what ServerSignature or
>ServerTokens control. In effect, they are always turned off in Summary.
>
>The closest correspondence that I can think of is that Summary puts the
>release date of the version of Summary you are running in the page
>footer by default. It is not at all clear how a hacker could take
>advantage of that, since there are no known security issues in Summary
>that the release date could help them take advantage of. If it troubles
>you, and you have Summary SP Lite or SP, you can change the default page
>footer to remove the release date.
>
>My guess is that Hacker Safe has gotten confused. They presumably saw
>something that vaguely resembles the signature of a known vulnerability
>in Apache. Since Apache is not involved here, those known issues in
>older versions of Apache can't possibly apply to Summary.

Cool, thanks. That should suffice to make them remove this alert on
this site. Thank you!
-- 

<--------------------------------------------------------------->
      Alex Pilson
      FlagShip Interactive, Inc.
      alex@flagshipinteractive.com
<--------------------------------------------------------------->
-------------
Go to <http://summary.net/list.html> to update subscription info.

Prev by Date: Re: [Summary-Talk] internal summary Apache
Next by Date: Re: [Summary-Talk] Summary on OS X Server
Previous by thread: Re: [Summary-Talk] internal summary Apache
Next by thread: [Summary-Talk] Bug: Summary 2.6.4 ignores 2.6.2 global disabled report config
Index(es):
- Date
- Thread