You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Polina Genova <po...@gmail.com> on 2011/06/22 07:02:37 UTC

Proposal for the system information displayed by the default error handling of Tomcat

Hi,

Currently the Tomcat security documentation says that the server information
displayed in the default error pages can be configured through the
‘CATALINA_HOME/lib/org/apache/catalina/util/ SystemInfo.properties’ file.

I think it makes sense, to use the server attribute value of HTTP connector
configuration in the server.xml (if such attribute is set) instead reading
the property from the ‘SystemInfo.properties’. Thus the system information
returned in the server header and in the default error page would be
consistent. Besides, I cannot think of any situation in which these two
configurations may differ. That’s why such a change seems reasonable to me
and would lighten a bit the steps of security configurations.

If you like the idea, I can provide a patch for it?

Thanks and regards,

Polina

Re: Proposal for the system information displayed by the default error handling of Tomcat

Posted by Polina Genova <po...@gmail.com>.

Hi all,



I'm curious if you find the idea below reasonable.

If so, I'll gladly provide patch for it.



Thank you for your attention,

Polina
On Wed, Jun 22, 2011 at 8:02 AM, Polina Genova <po...@gmail.com>wrote:

> Hi,
>
> Currently the Tomcat security documentation says that the server
> information displayed in the default error pages can be configured through
> the ‘CATALINA_HOME/lib/org/apache/catalina/util/ SystemInfo.properties’
> file.
>
> I think it makes sense, to use the server attribute value of HTTP connector
> configuration in the server.xml (if such attribute is set) instead reading
> the property from the ‘SystemInfo.properties’. Thus the system information
> returned in the server header and in the default error page would be
> consistent. Besides, I cannot think of any situation in which these two
> configurations may differ. That’s why such a change seems reasonable to me
> and would lighten a bit the steps of security configurations.
>
> If you like the idea, I can provide a patch for it?
>
> Thanks and regards,
>
> Polina
>