tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11
Date Mon, 13 Sep 2004 22:49:56 GMT
Mark Thomas wrote:

>Making the value of the server header configurable, as per Tim's suggestion
>earlier in this thread, would meet the user requirement described in bug 16254
>which is my main concern. Providing this is done in a way that doesn't impact
>performance, would you find this an acceptable compromise?
The issue is that there's no value in this: it would likely take 5 
minutes for an attacker to figure out the webserver is running Tomcat. 
The Server header is maybe the less visible of them (and gives little 
information when compared to the others).

So why bother about this ? (that's my point)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message