Tuesday, April 28, 2015

How to rename crfstoken

Hi, i found, that my site is detected by http://trends.builtwith.com/framework/Django-CSRF by crfstoken header.
I think, it's security breach, when users know what framework is used on server side.
There must have such web server tuning, that no one can detect framework and server side programming language.

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/768a1d03-e749-428a-8094-4a2d2f27e873%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment