Hmm, so why do you want to treat the system administrator like one?
On 08/05/2015 00:21, Romain Manni-Bucau wrote:
Sure security is all about children...
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
<http://www.tomitribe.com>
2015-05-08 0:19 GMT+02:00 Andy <[email protected]>:
I was just thinking 'Kindergarten', how strange...
On 08/05/2015 00:17, Romain Manni-Bucau wrote:
hmm this answer doesn't make sense for me, I surely miss something but read
it like "hey there is this property you can switch on true but if you
google you'll see you shouldn't"
2015-05-08 0:15 GMT+02:00 Andy <[email protected]>:
This is what I said and the reason I changed it. And yes the constants
have that for 'server' now, and have also had other values in the past.
So to be even more complete and correct myself.... changed it from
"Apache Coyote/1.1" to "Apache TomEE", which is still better IMHO.
@Romain: "you encourage it by making it on the front of the scene."
That's like saying I'm encouraging someone to change the 'port', which is
also potentially dangerous when put into the hands of an idiot.
I like, and hope, to think that exposing a property would encourage
someone to look it up before changing it blindly. The very first google
hit on 'xpoweredBy' will enlighten even the most fickle reader.
Sorry if my opinion just does not fit in on that. Another hour of my life
wasted.
Andy.
On 07/05/2015 23:58, Romain Manni-Bucau wrote:
2015-05-07 23:56 GMT+02:00 Andy <[email protected]>:
Also, for completeness:
xpoweredBy="*false*" activates nothing, if it were xpoweredBy="*true*"
then maybe that might just 'activate' whatever it is you think is being
activated here?
you encourage it by making it on the front of the scene.
server="*Apache TomEE*" merely changes the existing value and also
'activates' nothing. I don't see where you think this is a security issue?
Happy to learn though, so please point me to the specific code that this
affects?
it is on by default is not overridden by the app.
Andy.
On 07/05/2015 23:21, Romain Manni-Bucau wrote:
You activated 2 different headers which is useless since we change
serverinfo by default you already get tomee here.
That said this is not the real issue. Doing it is a standard security
issue, that is why it is off by default in tomcat so I suggest to not set
it on by default
2015-05-07 23:10 GMT+02:00 Andy <[email protected]>:
Some crawlers are using that header as the evaluation. Default is Apache
Tomcat 7.0.x etc and it is always on, so having Apache TomEE will give us
better standing.
Andy.
On 07/05/2015 22:38, Romain Manni-Bucau wrote:
PS (sorry hit enter without wishing it): asking cause I wouldn't have it on
by default as a user
2015-05-07 22:36 GMT+02:00 Romain Manni-Bucau <[email protected]>:
Hi
What's the goal? We already switch server info, isn't it enough?
---------- Forwarded message ----------
From: <[email protected]>
Date: 2015-05-07 22:03 GMT+02:00
Subject: tomee git commit: TomEE header
To: [email protected]
Repository: tomee
Updated Branches:
refs/heads/master 2c4047e14 -> 268b57c86
TomEE header
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/268b57c8
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/268b57c8
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/268b57c8
Branch: refs/heads/master
Commit: 268b57c868c055e3788b85d6ed6a192da094e808
Parents: 2c4047e
Author: [email protected] <[email protected]>
Authored: Thu May 7 22:03:35 2015 +0200
Committer: [email protected] <[email protected]>
Committed: Thu May 7 22:03:35 2015 +0200
----------------------------------------------------------------------
.../apache/tomee/RemoteTomEEEJBContainerIT.java | 2 +-
.../java/org/apache/tomee/installer/Installer.java | 17 +++++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/268b57c8/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java
----------------------------------------------------------------------
diff --git
a/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java
b/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java
index 70fcf6f..17731b9 100644
---
a/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java
+++
b/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java
@@ -67,7 +67,7 @@ public class RemoteTomEEEJBContainerIT {
" <!-- TomEE plugin for Tomcat -->\n" +
" <Listener
className=\"org.apache.tomee.catalina.ServerListener\" />\n" +
" <Service name=\"Catalina\">\n" +
- " <Connector port=\"" + http + "\"
protocol=\"HTTP/1.1\"
/>\n" +
+ " <Connector port=\"" + http + "\"
protocol=\"HTTP/1.1\"
xpoweredBy=\"false\" server=\"Apache TomEE\" />\n" +
" <Engine name=\"Catalina\"
defaultHost=\"localhost\">\n" +
" <Host name=\"localhost\"
appBase=\"webapps\"\n"
+
" unpackWARs=\"true\"
autoDeploy=\"true\">\n" +
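Review bot: on the changed `<Connector ...>` line, `xpoweredBy=\"false\"` only restates the Tomcat default, so `server=\"Apache TomEE\"` is the one attribute that alters behaviour here; the redundant attribute could be dropped from the fixture. Nothing visible in this hunk asserts on the Server header of a response, so the new value is not covered by the test as shown; an assertion on that header would make the fixture change verifiable.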
http://git-wip-us.apache.org/repos/asf/tomee/blob/268b57c8/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
----------------------------------------------------------------------
diff --git
a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
index 0308c3d..60bd8f7 100644
---
a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
+++
b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
@@ -448,6 +448,23 @@ public class Installer implements
InstallerInterface {
alerts.addError("Error while adding listener to
server.xml
file", e);
}
+ //Add TomEE header
+ try {
+ newServerXml = Installers.replace(serverXmlOriginal,
+ "<Connector port=\"8080\"",
+ "<Connector port=\"8080\"",
+ "/>",
+ "xpoweredBy=\"false\" server=\"Apache TomEE\"
/>");
+
+ newServerXml = Installers.replace(serverXmlOriginal,
+ "<Connector port=\"8443\"",
+ "<Connector port=\"8443\"",
+ "/>",
+ "xpoweredBy=\"false\" server=\"Apache TomEE\"
/>");
+ } catch (final IOException e) {
+ alerts.addError("Error adding server attribute to
server.xml
file", e);
+ }
+
// overwrite server.xml
if (Installers.writeAll(paths.getServerXmlFile(),
newServerXml,
alerts)) {
alerts.addInfo("Add OpenEJB listener to
server.xml");
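Review bot: the second call, `newServerXml = Installers.replace(serverXmlOriginal, "<Connector port=\"8443\"", ...)`, starts again from `serverXmlOriginal`, so it overwrites `newServerXml` and discards the 8080 edit made by the first call. Both calls also ignore whatever `newServerXml` already held when this block is reached (the context just above is the listener insertion), so that earlier change is at risk too. Pass `newServerXml` as the input of each call so the edits chain. The match is keyed on the literal `port=\"8080\"` and `port=\"8443\"` strings, so a server.xml using other ports is left unchanged; that limitation deserves a comment next to `//Add TomEE header`.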
--
Andy Gumbrecht
https://twitter.com/AndyGeeDe
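
A configuration check for the two Connector attributes this thread argues about, as an added example that is not part of the original messages or of TomEE's code: it parses a server.xml and reports, per HTTP connector, whether `xpoweredBy` is on and what the `server` attribute exposes. The sample XML, the extra port 8081 and the function names `audit_connectors` and `ports_needing_review` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml; attribute values echo strings quoted in the thread.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" xpoweredBy="false" server="Apache TomEE" />
    <Connector port="8443" protocol="HTTP/1.1" xpoweredBy="true" server="Apache Tomcat 7.0.x" />
    <Connector port="8081" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" />
  </Service>
</Server>
"""

VERSION_RE = re.compile(r"\d+\.\d+")  # e.g. the "7.0" in "Apache Tomcat 7.0.x"


def audit_connectors(server_xml):
    """Return one finding per HTTP <Connector>: port, server value, review notes."""
    findings = []
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        # AJP connectors talk to a front-end web server, not to browsers; skipped.
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue
        notes = []
        # xpoweredBy is off unless explicitly set to true.
        if conn.get("xpoweredBy", "false").strip().lower() == "true":
            notes.append("xpoweredBy=true: an X-Powered-By header is added to responses")
        server = conn.get("server")
        if server is None:
            notes.append("server not set: the container's default Server value applies")
        elif VERSION_RE.search(server):
            notes.append("server value includes a version number")
        findings.append({"port": conn.get("port"), "server": server, "notes": notes})
    return findings


def ports_needing_review(server_xml):
    """Ports of the connectors that produced at least one note."""
    return [f["port"] for f in audit_connectors(server_xml) if f["notes"]]


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding["port"], finding["server"], finding["notes"] or "ok")
```
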