[keycloak-dev] What is ServerVersionResource used for?
Bill Burke
bburke at redhat.com
Fri Jan 16 09:04:54 EST 2015
Helps with versioning for clients that are interacting with semi-public
auth servers. This is no different than a web server sending that it is
"Apache" or "IIS" or "JBoss Web" or "Tomcat".
Script kiddies will run scripts to figure out the version anyways. You
really aren't slowing them down much by removing the ServerVersionResource.
On 1/16/2015 6:57 AM, Stian Thorgersen wrote:
> I'm curious about why we have ServerVersionResource? What is it used for?
>
> Having a public endpoint that shows the version of the server makes it easier for script kiddies to scan for servers of a specific version, which can then be targeted for known exploits.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com