[Calypso] [PATCH] Drop version from basic auth realm
Jelmer Vernooij
jelmer at jelmer.uk
Wed Jan 27 04:10:05 PST 2016
On 27 January 2016 11:38:44 GMT+00:00, Petter Reinholdtsen <pere at hungry.com> wrote:
>[Guido Günther]
>> otherwise we get a password prompt on each version upgrade in
>> e.g. iceowl.
>> ---
>> Spotted by updating an instance to git master.
>
>Look good to me. :)
>
>Is there any reason to include the server version number in the
>response
>header? It could be seen as a security problem, if some versions have
>holes...
It can be useful when debugging issues when you don't have access to the server (e.g. when it's run as infrastructure). Not sure how relevant that is for calypso at the moment though.
Personally, I'm not letting untrusted users access calypso anyway.
Jelmer
More information about the Calypso
mailing list