We are getting evaluated and one of the items that I need to do is change
the "ServerInfo.properties" in the catalina.jar to set "server.info" and
"server.version" to nonsense (really).
I have the following Valve setup as well:
<Valve className="org.apache.catalina.valves.ErrorReportValve"
showReport="false"
showServerInfo="false" />
At what point would the "ServerInfo.properties" actually show a version and
server name to an end user?
I am just wondering if mucking with the jar every release is a worthwhile
thing and what security implications (if any) are involved.
Thanks,
Bob
