users@glassfish.java.net

Re: How to disable unrequired header fields in glassfish 3.0.1 html responses

From: <glassfish_at_javadesktop.org>
Date: Wed, 25 Aug 2010 13:15:46 PDT

The other day I read an article (unfortunately only in a German magazine) about security for web applications and web servers. One of them was discussing how important it can sometimes be to obfuscate the HTTP headers.

Hackers can use different tools to find out more about the server running on any randomly selected IP. They use tools like nmap or httprint (http://net-square.com/httprint/). For example, the httprint website states the following:

[b][...]
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.
[...]
[/b]

See how easy Glassfish is making it for hackers? Once they know what server you are running on, combined with potential bugs they might know about, they can start their specific attack patterns on that server.

Other servers allow easily for obfuscation. I want this feature to be available for netbeans also!

Do you agree or don't you? If I am not the only one requesting this I will officially open a new feature request for glassfish 3.1 - so once you read this here please leave a comment!
[Message sent by forum member 'nabizamani']

http://forums.java.net/jive/thread.jspa?messageID=481004
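As an added illustration (not part of the original post or of GlassFish itself), the following Python script shows what a defender can check on their own server's responses: it parses a raw HTTP/1.x response and reports headers such as `Server` and `X-Powered-By` that disclose the product or its version. The two sample responses are constructed for this example; the GlassFish banner string is an assumption. Note, as the quoted httprint text says, that stripping banners only removes the easy signal; fingerprinting by protocol behaviour is not addressed by this check.

```python
"""Audit an HTTP response for headers that disclose the server product or version."""
import re
from typing import Dict, List, Tuple

# Header names that commonly reveal the server software (lowercase for comparison).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# Matches dotted version numbers such as 3.0.1 or 2.2.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_response_headers(raw: bytes) -> Dict[str, str]:
    """Split the header block of a raw HTTP/1.x response into a lowercase-keyed dict."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(headers: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (header, value, severity) for each disclosure header present.

    Severity is "version" when the value carries a version number (most useful
    to an attacker matching known bugs) and "product" when only the name leaks.
    """
    findings = []
    for name in DISCLOSURE_HEADERS:
        if name in headers:
            value = headers[name]
            severity = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, severity))
    return findings


# Constructed sample: a response with a verbose banner (banner text is assumed).
VERBOSE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: GlassFish Server Open Source Edition 3.0.1\r\n"
    b"X-Powered-By: Servlet/3.0, JSP/2.2\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

# Constructed sample: the same response with the identifying headers removed.
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)


def audit(raw: bytes) -> List[Tuple[str, str, str]]:
    """Convenience wrapper: parse a raw response and report disclosures."""
    return find_disclosures(parse_response_headers(raw))


if __name__ == "__main__":
    for label, resp in (("verbose", VERBOSE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp) or "no disclosure headers")
```

Run the script directly to see the verbose sample flagged for both a product and a version leak and the hardened sample pass clean; pointing `parse_response_headers` at a response captured from a real server is the only change needed to audit it.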