Support

alberto · #1 03-18-2007, 06:18 AM

We run e-commerce sites on our servers, so security is always a big concern.

Hence the importance of minimizing the amount of information an attacker can get from our system.

I know it's important for you to get as much exposure as possible for LiteSpeed, but I think it should not be done at the expense of your customers. Finally I ask you:

Is it possible to hide LiteSpeed server signature? Does LiteSpeed offers this option?

mistwang · #2 03-18-2007, 11:24 AM

First, we think LiteSpeed is the most secure web server out there.

Second, the security by obscure does not really help much, if any help at all.

alberto · #3 03-19-2007, 02:58 AM

"Second, the security by obscure does not really help much, if any help at all."

That's true, but any security boost is welcome in the e-commerce world.

Signature hiding might be so easy to implement that I can't believe you don't have it...

mistwang · #4 03-19-2007, 09:31 AM

Yeah, it is very easy to implement, we will consider adding it in future release.

rubyjuice · #5 09-11-2007, 05:10 PM

I trust that Litespeed is as secure as it is fast, but, that's not the point.

Obscurity may not be security, but that doesn't mean it's not a useful tool. Deception is a useful and cheap mechanism to employ. If a vulnerability is ever discovered, it may just help my server "hide" from the casual attacker until the weakness is patched.

Please add it to a future release, especially if it is easy to implement. :P

mistwang · #6 09-11-2007, 06:13 PM

Enterprise edition can completely hide the server signature.