April 27th, 2003, 04:14 AM
I have a few things that I need to know, thus, I hope anyone smart out there could answer some of these questions.
I am wondering if it's possible for a client web-browser to query the server, so that it knows what OS the server is running and what applications it uses to host its website (e.g. php, java, apache, etc)?
If it's possible, isn't it a big security issue?
April 27th, 2003, 04:28 AM
Well it is possible, and you can disable it if you wish, security by obscurity. Apache has an option in the config so all it reports is Apache and doesnt reveal any modules or versions. I really don't see how its that much of an issue if everything is kept upto date with security patches and the like. Netcraft have a section on their site where you can find out what OS a server is running - http://uptime.netcraft.com
April 28th, 2003, 11:19 AM
Generally most network daemons identify themselves by default. Also telnet sometimes (as far as i know) gives out the os. Generally it's not a security issue, more over many servers post such info on their web sites.