Mark Thomas wrote:
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
The issue is that there's no value in this: it would likely take 5 minutes for an attacker to figure out the webserver is running Tomcat. The Server header is maybe the less visible of them (and gives little information when compared to the others).
So why bother about this ? (that's my point)
Because users want the functionality.
Cool. Let the morons rule, then ;)
If it can be done without hitting performance, why not do it?
Because useless functionality is bloat, and should not be added.
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
