[TYPO3] Removing the meta "generator" from header

Christopher Torgalson bedlamhotel at gmail.com
Wed Dec 5 10:53:53 CET 2007


Hi,

Dmitry Dulepov [typo3] wrote:
> Hi!
> 
> Claudio Strizzolo wrote:
>> What I don't like, and would like to avoid, is to show the VERSION of 
>> TYPO3 through which the pages were built, basically for security reasons: 
>> imagine that I have used a version of TYPO3 that later is discovered to 
>> be buggy about security, and I haven't had time to update yet. If the 
>> code of the pages shows the version of the software, this could be a 
>> hint for malicious people trying to force my system: they might be aware 
>> that my web server is using buggy software and try to break it.
>> Up to now, TYPO3 has looked solid as a rock to me, but who knows what 
>> might happen in the future? Bugs happen.
>> For instance, I find it absolutely reasonable that the administrative login 
>> page (http://mysite.org/typo3/) does not display the version of TYPO3 in 
>> use, for the very same reason.
> 
> Now I got it :) Sorry for my misunderstanding :(
> 
> Your arguments are very reasonable. At the moment you cannot disable generator meta by configuration but this feature can be added. Do you think making it
> 
> <meta name="generator" content="TYPO3 CMS" />
> 
> is more secure? This is what Apache has, it can report the full version or just say "Server: Apache". We can do the same I think.


I don't know how it will fit in with the new install tool, but in the 
existing install tool, there is an option to disable the version in the 
copyright statement ([SYS][loginCopyrightShowVersion]). It might make 
some sense to group any similar new option with this one.


-- 
Christopher Torgalson / bedlamhotel at gmail.com



More information about the TYPO3-english mailing list