Mark Thomas wrote:
Making the value of the server header configurable, as per Tim's suggestion
earlier in this thread, would meet the user requirement described in bug 16254
which is my main concern. Providing this is done in a way that doesn't impact
performance, would you find this an acceptable compromise?
The issue is that there's no value in this: it would likely take 5
minutes for an attacker to figure out the webserver is running Tomcat.
The Server header is maybe the less visible of them (and gives little
information when compared to the others).
So why bother about this ? (that's my point)
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
