RhodeCode version disclosure

Issue #842 resolved
Systems Administration created an issue

As per http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html it is considered safer not to disclose the software version publicly, even if this is security through obscurity.

I am attaching a (trivial) diff file that fixes this issue.

Comments (3)

  1. Marcin Kuzminski repo owner

    Thanks ! I'll put an configuration option into .ini file to hide version number.

  2. Log in to comment