[mapguide-internals] should GETSITEVERSION be always available?

Kenneth Skovhede, GEOGRAF A/S ks at geograf.dk
Thu Jun 25 13:18:47 EDT 2009

I agree with Jason, a client should be able to handle different version 

Knowing the version number will potentially let an attacker know
if a certain weakness is present in the software (eg, has an SP been 

If we cut the revision from the secure version, it will be more dificult to
figure out if a weakness is present, while still maintaining the option to
allow version tolerant clients.

Regards, Kenneth Skovhede, GEOGRAF A/S

Jason Birch skrev:
> I think that clients should probably be able to rely on at least a major version number (2.0 or 2.1) being obtainable from the server even in secure mode.  Otherwise there would be no way of making version-tolerant client apps.
> Jason
> -----Original Message-----
> From: Martin Morrison
> Sent: Thursday, June 25, 2009 5:45 AM
> To: MapGuide Internals Mail List
> Subject: RE: [mapguide-internals] should GETSITEVERSION be always available?
> In a secure environment the less information you give out the better.  That being said for the RFC that is being discussed, how many servers are in a secure environment actually need to ping the server?
> _______________________________________________
> mapguide-internals mailing list
> mapguide-internals at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-internals

More information about the mapguide-internals mailing list