Server Signature

Discussion in 'General' started by alberto, Mar 18, 2007.

  1. alberto

    alberto Member

    We run e-commerce sites on our servers, so security is always a big concern.

    Hence the importance of minimizing the amount of information an attacker can get from our system.

    I know it's important for you to get as much exposure as possible for LiteSpeed, but I think it should not be done at the expense of your customers. Finally I ask you:

    Is it possible to hide LiteSpeed server signature? Does LiteSpeed offers this option?
  2. mistwang

    mistwang LiteSpeed Staff

    First, we think LiteSpeed is the most secure web server out there. ;)
    Second, the security by obscure does not really help much, if any help at all.
  3. alberto

    alberto Member

    "Second, the security by obscure does not really help much, if any help at all."

    That's true, but any security boost is welcome in the e-commerce world.

    Signature hiding might be so easy to implement that I can't believe you don't have it... :(
  4. mistwang

    mistwang LiteSpeed Staff

    Yeah, it is very easy to implement, we will consider adding it in future release.
  5. rubyjuice

    rubyjuice Member

    I'd like to see this also

    I trust that Litespeed is as secure as it is fast, but, that's not the point. :)

    Obscurity may not be security, but that doesn't mean it's not a useful tool. Deception is a useful and cheap mechanism to employ. If a vulnerability is ever discovered, it may just help my server "hide" from the casual attacker until the weakness is patched.

    Please add it to a future release, especially if it is easy to implement. :p
  6. mistwang

    mistwang LiteSpeed Staff

    Enterprise edition can completely hide the server signature.

Share This Page