Hmm, this answer doesn't make sense to me. I surely miss something, but I read it like "hey, there is this property you can switch on true but if you google you'll see you shouldn't".

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com>

2015-05-08 0:15 GMT+02:00 Andy <[email protected]>:

> This is what I said and the reason I changed it. And yes the constants
> have that for 'server' now, and have also had other values in the past.
>
> So to be even more complete and correct myself.... changed it from "Apache
> Coyote/1.1" to "Apache TomEE", which is still better IMHO.
>
> @Romain: "you encourage it by making it on the front of the scene."
>
> That's like saying I'm encouraging someone to change the 'port', which is
> also potentially dangerous when put into the hands of an idiot.
> I like, and hope, to think that exposing a property would encourage
> someone to look it up before changing it blindly. The very first google hit
> on 'xpoweredBy' will enlighten even the most fickle reader.
>
> Sorry if my opinion just does not fit in on that. Another hour of my life
> wasted.
>
> Andy.
>
> On 07/05/2015 23:58, Romain Manni-Bucau wrote:
>
>> 2015-05-07 23:56 GMT+02:00 Andy <[email protected]>:
>>
>> Also, for completeness:
>>>
>>> xpoweredBy="*false*" activates nothing, if it were xpoweredBy="*true*"
>>> then maybe that might just 'activate' whatever it is you think is being
>>> activated here?
>>>
>>> you encourage it by making it on the front of the scene.
>>
>> server="*Apache TomEE*" merely changes the existing value and also
>>> 'activates' nothing. I don't see where you think this is a security
>>> issue?
>>> Happy to learn though, so please point me to the specific code that this
>>> affects?
>>>
>>> it is on by default is not overridden by the app.
>>
>> Andy.
>>>
>>> On 07/05/2015 23:21, Romain Manni-Bucau wrote:
>>>
>>> You activated 2 different headers which is useless since we change
>>>> serverinfo by default you already get tomee here.
>>>>
>>>> That said this is not the real issue. Doing it is a standard security
>>>> issue, that is why it is off by default in tomcat so I suggest to not set
>>>> it on by default
>>>>
>>>> Romain Manni-Bucau
>>>> @rmannibucau <https://twitter.com/rmannibucau> | Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com>
>>>>
>>>> 2015-05-07 23:10 GMT+02:00 Andy <[email protected]>:
>>>>
>>>> Some crawlers are using that header as the evaluation. Default is Apache
>>>>> Tomcat 7.0.x etc and it is always on, so having Apache TomEE will give us
>>>>> better standing.
>>>>>
>>>>> Andy.
>>>>>
>>>>> On 07/05/2015 22:38, Romain Manni-Bucau wrote:
>>>>>
>>>>> PS (sorry hit enter without wishing it): asking cause I wouldn't have it
>>>>>> on by default as a user
>>>>>>
>>>>>> Romain Manni-Bucau
>>>>>> @rmannibucau <https://twitter.com/rmannibucau> | Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com>
>>>>>>
>>>>>> 2015-05-07 22:36 GMT+02:00 Romain Manni-Bucau <[email protected]>:
>>>>>>
>>>>>> Hi
>>>>>>
>>>>>> What's the goal? We already switch server info, isn't it enough?
>>>>>>>
>>>>>>> Romain Manni-Bucau
>>>>>>> @rmannibucau <https://twitter.com/rmannibucau> | Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com>
>>>>>>>
>>>>>>> ---------- Forwarded message ----------
>>>>>>> From: <[email protected]>
>>>>>>> Date: 2015-05-07 22:03 GMT+02:00
>>>>>>> Subject: tomee git commit: TomEE header
>>>>>>> To: [email protected]
>>>>>>>
>>>>>>> Repository: tomee
>>>>>>> Updated Branches:
>>>>>>>   refs/heads/master 2c4047e14 -> 268b57c86
>>>>>>>
>>>>>>> TomEE header
>>>>>>>
>>>>>>> Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
>>>>>>> Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/268b57c8
>>>>>>> Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/268b57c8
>>>>>>> Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/268b57c8
>>>>>>>
>>>>>>> Branch: refs/heads/master
>>>>>>> Commit: 268b57c868c055e3788b85d6ed6a192da094e808
>>>>>>> Parents: 2c4047e
>>>>>>> Author: [email protected] <[email protected]>
>>>>>>> Authored: Thu May 7 22:03:35 2015 +0200
>>>>>>> Committer: [email protected] <[email protected]>
>>>>>>> Committed: Thu May 7 22:03:35 2015 +0200
>>>>>>>
>>>>>>> ----------------------------------------------------------------------
>>>>>>> .../apache/tomee/RemoteTomEEEJBContainerIT.java | 2 +-
>>>>>>> .../java/org/apache/tomee/installer/Installer.java | 17 +++++++++++++++++
>>>>>>> 2 files changed, 18 insertions(+), 1 deletion(-)
>>>>>>> ----------------------------------------------------------------------
>>>>>>>
>>>>>>> http://git-wip-us.apache.org/repos/asf/tomee/blob/268b57c8/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java
>>>>>>> ----------------------------------------------------------------------
>>>>>>> diff --git >>>>>>> >>>>>>> >>>>>>> >>>>>>> a/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>>>> >>>>>>> >>>>>>> >>>>>>> b/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>>>> index 70fcf6f..17731b9 100644 >>>>>>> --- >>>>>>> >>>>>>> >>>>>>> >>>>>>> a/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>>>> +++ >>>>>>> >>>>>>> >>>>>>> >>>>>>> b/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>>>> @@ -67,7 +67,7 @@ public class RemoteTomEEEJBContainerIT { >>>>>>> " <!-- TomEE plugin for Tomcat -->\n" + >>>>>>> " <Listener >>>>>>> className=\"org.apache.tomee.catalina.ServerListener\" />\n" + >>>>>>> " <Service name=\"Catalina\">\n" + >>>>>>> - " <Connector port=\"" + http + "\" >>>>>>> protocol=\"HTTP/1.1\" >>>>>>> />\n" + >>>>>>> + " <Connector port=\"" + http + "\" >>>>>>> protocol=\"HTTP/1.1\" >>>>>>> xpoweredBy=\"false\" server=\"Apache TomEE\" />\n" + >>>>>>> " <Engine name=\"Catalina\" >>>>>>> defaultHost=\"localhost\">\n" + >>>>>>> " <Host name=\"localhost\" >>>>>>> appBase=\"webapps\"\n" >>>>>>> + >>>>>>> " unpackWARs=\"true\" >>>>>>> autoDeploy=\"true\">\n" + >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> http://git-wip-us.apache.org/repos/asf/tomee/blob/268b57c8/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>>>> >>>>>>> ---------------------------------------------------------------------- 
>>>>>>> diff --git >>>>>>> >>>>>>> >>>>>>> >>>>>>> a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>>>> >>>>>>> >>>>>>> >>>>>>> b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>>>> index 0308c3d..60bd8f7 100644 >>>>>>> --- >>>>>>> >>>>>>> >>>>>>> >>>>>>> a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>>>> +++ >>>>>>> >>>>>>> >>>>>>> >>>>>>> b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>>>> @@ -448,6 +448,23 @@ public class Installer implements >>>>>>> InstallerInterface { >>>>>>> alerts.addError("Error while adding listener to >>>>>>> server.xml >>>>>>> file", e); >>>>>>> } >>>>>>> >>>>>>> + //Add TomEE header >>>>>>> + try { >>>>>>> + newServerXml = Installers.replace(serverXmlOriginal, >>>>>>> + "<Connector port=\"8080\"", >>>>>>> + "<Connector port=\"8080\"", >>>>>>> + "/>", >>>>>>> + "xpoweredBy=\"false\" server=\"Apache TomEE\" >>>>>>> />"); >>>>>>> + >>>>>>> + newServerXml = Installers.replace(serverXmlOriginal, >>>>>>> + "<Connector port=\"8443\"", >>>>>>> + "<Connector port=\"8443\"", >>>>>>> + "/>", >>>>>>> + "xpoweredBy=\"false\" server=\"Apache TomEE\" >>>>>>> />"); >>>>>>> + } catch (final IOException e) { >>>>>>> + alerts.addError("Error adding server attribute to >>>>>>> server.xml >>>>>>> file", e); >>>>>>> + } >>>>>>> + >>>>>>> // overwrite server.xml >>>>>>> if (Installers.writeAll(paths.getServerXmlFile(), >>>>>>> newServerXml, >>>>>>> alerts)) { >>>>>>> alerts.addInfo("Add OpenEJB listener to server.xml"); >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>> Andy Gumbrecht >>>>> https://twitter.com/AndyGeeDe >>>>> >>>>> >>>>> >>>>> -- >>> Andy Gumbrecht >>> https://twitter.com/AndyGeeDe >>> >>> >>> > -- > Andy Gumbrecht > https://twitter.com/AndyGeeDe > >
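
Review bot: In the RemoteTomEEEJBContainerIT.java hunk (@@ -67,7 +67,7 @@), the Connector line in the test's server.xml fixture gains xpoweredBy="false" server="Apache TomEE", but nothing in the hunk checks the headers a response actually carries, so the fixture change by itself verifies nothing about the new behaviour. Consider asserting on the Server response header from the started container. Also, xpoweredBy="false" restates the Tomcat default (the thread itself notes it is off by default), so it can be dropped from the connector line, leaving only the server attribute that the commit is about.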
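
Review bot: In the Installer.java hunk (@@ -448,6 +448,23 @@), both new calls read from serverXmlOriginal and assign to newServerXml, so the port 8443 call overwrites the result of the port 8080 call, and whatever the preceding listener step had already placed in newServerXml appears to be discarded before Installers.writeAll writes it out. Chain the edits by passing newServerXml as the input of each call. The begin tokens also hard-code <Connector port="8080" and <Connector port="8443", so a server.xml whose connectors use other ports would not receive the attribute; matching on the Connector element regardless of port, or adding an alerts entry when no connector was matched, would make that case visible. Given the discussion in this thread, a short comment next to //Add TomEE header explaining why xpoweredBy is written explicitly as false would help the next reader.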
