tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lin <wool...@gmail.com>
Subject Re: JSP Compiler produces huge HTML files with whitespace
Date Wed, 08 Sep 2004 18:00:05 GMT
well I don't consider that an security issue. just because you know
someone is using jsp tags, it doesn't mean you know how the whole
architecture works. The only thing it tells a competitor is that it is
feasible to use jsp tags.

beyond that, all the important and interesting stuff is what makes an
impact on how well a site works and performs.

but I could be wrong.

peter


On Wed, 08 Sep 2004 10:55:28 -0700, Brad Neuberg <bkn3@columbia.edu> wrote:
> At 10:49 AM 9/8/2004, you wrote:
> >it is not on by default due to spec issues. for tomcat to be strictly
> >compliant, by default it should not strip the extra carriage returns.
> >
> >If you search the mailing list back to 2001-2002, you see there was
> >lots of discussion about it. the funny thing is, it also makes it easy
> >to tell when a website uses jsp tags.
> >
> >that's an easy way to figure out if a website is using a servlet
> >container and jsp tags.
> 
> That seems like a security issue to me.  You can fingerprint a remote site
> and determine what technology they are using, even if they have taken steps
> to hide the JSP ending from their files.
> 
> Brad
> 
> >peter
> >
> >
> >On Wed, 08 Sep 2004 10:45:00 -0700, Brad Neuberg <bkn3@columbia.edu> wrote:
> > > Yoav, thanks; this works.  One question; why isn't this true by default?
> > >
> > > Brad
> > >
> > > At 09:56 AM 9/8/2004, you wrote:
> > >
> > > >Hi,
> > > >trimSpaces at
> > > >http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jasper-howto.html.
> > > >
> > > >Yoav Shapira
> > > >Millennium Research Informatics
> 
> 
> > > >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message