[mapserver-dev] Dropping Version Output?

Rahkonen Jukka (MML) jukka.rahkonen at maanmittauslaitos.fi
Wed Feb 16 00:57:47 PST 2022


Hi,

Do you mean the comment line in the WMS and WFS 1.0.0 GetCapabilities that is not included in WFS 1.1.0, 2.0.0, and WCS.xxx as can be easily tested at https://demo.mapserver.org/?

I think that the message is useful when trying to help someone else who has problems and who cannot run mapserv -v on the server. But advertising the MapServer version is also considered a security threat, and at least we at NLS rip it off from our production services in our web facade. I guess that people with some knowledge can still find enough fingerprints about the make of the server with a bunch of considered requests, but finding the exact version is not so easy.

I would say that at least there should be an easy way to remove the version info. It would also be nice if all services behaved in the same way. I just tried to help some user with MapServer WFS 1.1.0, but that server did not publish WMS nor WFS 1.0.0, so I could not find the version.


From: MapServer-dev <mapserver-dev-bounces at lists.osgeo.org> On Behalf Of Steve Lime
Sent: Wednesday, 16 February 2022 3:49
To: MapServer Dev Mailing List <mapserver-dev at lists.osgeo.org>
Subject: [mapserver-dev] Dropping Version Output?

What do folks think about dropping the version output from MapServer? That is, output like:


<!-- MapServer version 7.6.4 OUTPUT=PNG OUTPUT=JPEG SUPPORTS=PROJ SUPPORTS=AGG SUPPORTS=FREETYPE SUPPORTS=CAIRO SUPPORTS=ICONV SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WCS_SERVER SUPPORTS=GEOS SUPPORTS=POINT_Z_M SUPPORTS=PBF INPUT=JPEG INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE -->


I'm not sure that advertising version and supported components makes sense anymore. Might be able to make it tunable via the config file but I'm not sure that's even necessary.

--Steve
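
The facade-side removal mentioned in the reply above, as an added example (not part of the thread, and not MapServer or NLS code): a response filter that detects and strips the `<!-- MapServer version ... -->` comment from XML responses while leaving other comments intact. The function names, the header handling and the sample document are assumptions constructed for illustration.

```python
import re

# The banner comment quoted in the thread: "<!-- MapServer version 7.6.4 ... -->".
# Non-greedy, so only that one comment (and its line ending) is consumed.
_BANNER = re.compile(rb"<!--\s*MapServer version\b.*?-->[ \t]*\r?\n?", re.DOTALL)
_VERSION = re.compile(rb"<!--\s*MapServer version\s+([0-9][0-9A-Za-z.\-]*)")

# Constructed sample; the banner is shortened and its position is an assumption.
SAMPLE = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<WMS_Capabilities version="1.3.0">\n'
    b'<!-- MapServer version 7.6.4 OUTPUT=PNG SUPPORTS=PROJ INPUT=GDAL -->\n'
    b'<!-- layer list follows -->\n'
    b'<Service><Name>WMS</Name></Service>\n'
    b'</WMS_Capabilities>\n'
)


def find_version_banner(body: bytes):
    """Audit helper: return the advertised version, or None if no banner."""
    m = _VERSION.search(body)
    return m.group(1).decode("ascii") if m else None


def strip_version_banner(body: bytes) -> bytes:
    """Remove every MapServer version comment; other comments are kept."""
    return _BANNER.sub(b"", body)


def filter_response(headers: dict, body: bytes):
    """Facade hook: clean XML responses and keep Content-Length consistent."""
    if "xml" not in headers.get("Content-Type", "").lower():
        return headers, body  # images, JSON etc. pass through untouched
    cleaned = strip_version_banner(body)
    out = dict(headers)
    if "Content-Length" in out:
        # The body shrank, so a stale length would truncate or stall clients.
        out["Content-Length"] = str(len(cleaned))
    return out, cleaned


if __name__ == "__main__":
    hdrs = {"Content-Type": "text/xml; charset=UTF-8",
            "Content-Length": str(len(SAMPLE))}
    print("before:", find_version_banner(SAMPLE))
    new_hdrs, new_body = filter_response(hdrs, SAMPLE)
    print("after: ", find_version_banner(new_body), new_hdrs["Content-Length"])
```

Running `find_version_banner` against each published service endpoint also shows which services still expose the comment, which covers the inconsistency between service versions noted in the reply.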