well I don't consider that an security issue. just because you know someone is using jsp tags, it doesn't mean you know how the whole architecture works. The only thing it tells a competitor is that it is feasible to use jsp tags.
beyond that, all the important and interesting stuff is what makes an impact on how well a site works and performs. but I could be wrong. peter On Wed, 08 Sep 2004 10:55:28 -0700, Brad Neuberg <[EMAIL PROTECTED]> wrote: > At 10:49 AM 9/8/2004, you wrote: > >it is not on by default due to spec issues. for tomcat to be strictly > >compliant, by default it should not strip the extra carriage returns. > > > >If you search the mailing list back to 2001-2002, you see there was > >lots of discussion about it. the funny thing is, it also makes it easy > >to tell when a website uses jsp tags. > > > >that's an easy way to figure out if a website is using a servlet > >container and jsp tags. > > That seems like a security issue to me. You can fingerprint a remote site > and determine what technology they are using, even if they have taken steps > to hide the JSP ending from their files. > > Brad > > >peter > > > > > >On Wed, 08 Sep 2004 10:45:00 -0700, Brad Neuberg <[EMAIL PROTECTED]> wrote: > > > Yoav, thanks; this works. One question; why isn't this true by default? > > > > > > Brad > > > > > > At 09:56 AM 9/8/2004, you wrote: > > > > > > >Hi, > > > >trimSpaces at > > > >http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jasper-howto.html. > > > > > > > >Yoav Shapira > > > >Millennium Research Informatics > > > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
