If not, submit a patch :-) If nothing else, it can be made into a configuration parameter, but really, I don't know if the comment is even necessary.
On Tue, Feb 10, 2009 at 7:41 PM, kennardconsulting <[email protected]> wrote: > > Hi all, > > First, thanks for a wonderful implementation of JSF! > > I am trying to security 'harden' our Web site and one technique is to avoid > giving away architectual information. For example, we suppress the X-Server > HTTP header so you don't know what server we are using. We map '*.jsf' to > something else so you can't tell we're using JSF. > > There are a few remaining giveaways, and a BIG one is the comment that > MyFaces inserts into the generated HTML just before the end of the body: > > <!-- MYFACES JAVASCRIPT --> > > Is there any way to suppress this? > > Thanks, > > Richard. > > > > -- > View this message in context: > http://www.nabble.com/Suppress-%3C%21---MYFACES-JAVASCRIPT---%3E-giveaway--tp21946087p21946087.html > Sent from the MyFaces - Users mailing list archive at Nabble.com. > >
