[Calypso] [PATCH] Drop version from basic auth realm

Jelmer Vernooij jelmer at jelmer.uk
Wed Jan 27 04:10:05 PST 2016



On 27 January 2016 11:38:44 GMT+00:00, Petter Reinholdtsen <pere at hungry.com> wrote:
>[Guido G√ľnther]
>> otherwise we get a password prompt on each version upgrade in
>> e.g. iceowl.
>> ---
>> Spotted by updating an instance to git master.
>
>Look good to me. :)
>
>Is there any reason to include the server version number in the
>response
>header?  It could be seen as a security problem, if some versions have
>holes...
 
It can be useful when debugging issues when you don't have access to the server (e.g. when it's run as infrastructure). Not sure how relevant that is for calypso at the moment though.

Personally, I'm not letting untrusted users access calypso anyway.

Jelmer



More information about the Calypso mailing list