myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Kienenberger <mkien...@gmail.com>
Subject Re: Suppress <!-- MYFACES JAVASCRIPT --> giveaway?
Date Wed, 11 Feb 2009 00:49:53 GMT
If not, submit a patch :-)  If nothing else, it can be made into a
configuration parameter, but really, I don't know if the comment is
even necessary.

On Tue, Feb 10, 2009 at 7:41 PM, kennardconsulting
<richard@kennardconsulting.com> wrote:
>
> Hi all,
>
> First, thanks for a wonderful implementation of JSF!
>
> I am trying to security 'harden' our Web site and one technique is to avoid
> giving away architectual information. For example, we suppress the X-Server
> HTTP header so you don't know what server we are using. We map '*.jsf' to
> something else so you can't tell we're using JSF.
>
> There are a few remaining giveaways, and a BIG one is the comment that
> MyFaces inserts into the generated HTML just before the end of the body:
>
> <!-- MYFACES JAVASCRIPT -->
>
> Is there any way to suppress this?
>
> Thanks,
>
> Richard.
>
>
>
> --
> View this message in context: http://www.nabble.com/Suppress-%3C%21---MYFACES-JAVASCRIPT---%3E-giveaway--tp21946087p21946087.html
> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>
>

Mime
View raw message