Helps with versioning for clients that are interacting with semi-public
auth servers. This is no different than a web server sending that it is
"Apache" or "IIS" or "JBoss Web" or "Tomcat".
Script kiddies will run scripts to figure out the version anyways. You
really aren't slowing them down much by removing the ServerVersionResource.
On 1/16/2015 6:57 AM, Stian Thorgersen wrote:
> I'm curious about why we have ServerVersionResource? What is it used for?
>
> Having a public endpoint that shows the version of the server makes it easier for script
> kiddies to scan for servers of a specific version, which can then be targeted for known
> exploits.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com