[mapguide-internals] should GETSITEVERSION be always available?
Kenneth Skovhede, GEOGRAF A/S
ks at geograf.dk
Thu Jun 25 13:18:47 EDT 2009
I agree with Jason, a client should be able to handle different version
Knowing the version number will potentially let an attacker know
if a certain weakness is present in the software (e.g., has an SP been
If we cut the revision from the secure version, it will be more difficult to
figure out if a weakness is present, while still maintaining the option to
allow version tolerant clients.
Regards, Kenneth Skovhede, GEOGRAF A/S
Jason Birch wrote:
> I think that clients should probably be able to rely on at least a major version number (2.0 or 2.1) being obtainable from the server even in secure mode. Otherwise there would be no way of making version-tolerant client apps.
> -----Original Message-----
> From: Martin Morrison
> Sent: Thursday, June 25, 2009 5:45 AM
> To: MapGuide Internals Mail List
> Subject: RE: [mapguide-internals] should GETSITEVERSION be always available?
> In a secure environment, the less information you give out the better. That being said, for the RFC that is being discussed, how many servers in a secure environment actually need to ping the server?