https://issues.apache.org/bugzilla/show_bug.cgi?id=52751
--- Comment #5 from Konstantin Kolinko <knst.koli...@gmail.com> 2012-03-22 13:22:16 UTC --- I am OK with the patch, but there is a problem: it would not work if Tomcat is accessed through AJP protocol. The patch relies on the use of AbstractHttp11Protocol to get the "server" setting. Maybe the "server" attribute should be exposed through AbstractProtocol or Endpoint or elsewhere. I had a fear that the default value of "server" attribute which is documented to be "Apache-Coyote/1.1" will be visible here. Actually it should not be the case here. The "Apache-Coyote/1.1" string (aka Constants.SERVER_BYTES) is used by AbstractHttp11Processor only if the server attribute is null. > I would prefer to see the exact Tomcat version in the server header +1. I wonder though how coyote can get Tomcat version. Wouldn't that add an unwanted dependency between components. > particularly the line numbers in any stack trace. The stack traces can be hidden. Most error pages do not display them. One can configure a custom error page for error 500. > manipulating directly the jar file. Note, that there is no need to manipulate the jar file! One can create the following file: CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties (I thought it is mentioned in the FAQ, but cannot find it at this moment). It is written here: http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#Valves -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
