tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zzzeek <clas...@io.com>
Subject Re: VOTE: JDK1.2 compiler
Date Tue, 13 Jun 2000 18:47:08 GMT

This is great.  also i was confused since I thought the implication was a
JDK1.2 compiler would be needed for compiling JSP pages at runtime, but 5
seconds of thought led me to the big lightbulb of 'duhhhh'...


On Tue, 13 Jun 2000, Glenn Nielsen wrote:

> The major new feature that requires 1.2 is allowing the Java SecurityManager
> to be used with Tomcat and Jasper.  There are significant improvements to
> the Java SecurityManager in 1.2 over those available in 1.1 that dictated
> using the 1.2 version of the SecurityManager.  Use of the SecurityManager
> when running Tomcat is optional.
> 
> The Java SecurityManager is what allows your browser to run an applet
> in its own sandbox to prevent untrusted code from accessing files
> on your local system, connecting to a host other than the one the
> applet was loaded from, etc.
> 
> In the same way the SecurityManager protects you from an untrusted
> applet running in your browser, use of a SecurityManager while running
> Tomcat can protect your server from trojan servlets, JSP's, JSP beans,
> and tag libraries.  Or even inadvertant mistakes.
> 
> The above is from the first two paragraphs of doc/uguide/tomcat_security.txt
> which can be found in the nightly build.
> 
> Use of the SecurityManager is especially important if you have "untrusted"
> people publishing JSP pages, such as a web hosting service.  Use of the
> SecurityManager provides another layer of defense to prevent your server
> from being compromised.
> 
> Regards,
> 
> Glenn
> 
> zzzeek wrote:
> > 
> > what are the 1.2 features being used that so many other JSP
> > implementations do not need?  Im not as concerned over using 1.2 compilers
> > as I am over what kind of overly complex design is demanding the use of
> > 1.2-only reflection, "complex code", etc.
> > 
> > On Tue, 13 Jun 2000, Danno Ferrin wrote:
> > 
> > > Given the movement in MacOSX, Linux/IBM, and BSDi
> > >
> > > +1 to 1.2 compiler, and
> > > +1 to removing 1.1 at some point prior to 4.0 (3.3 is my recommendation)
> > >
> > > costin@costin.dnt.ro wrote:
> > > >
> > > > Hi,
> > > >
> > > > I want to know where do we stand with this issue: please send your vote
> > > > about removing the requirement of a JDK1.1 compiler.
> > > >
> > > > Tomcat will still be usable with JDK1.1 and will support it, but for
> > > > compilation you'll have to use a JDK1.2 compiler ( or jikes or any 1.1
> > > > compiler with a JDK1.2 library in classpath ).
> > > >
> > > > The problem is that it's very hard and ugly to support jdk1.2 features
> > > > that can be compiled with JDK1.1.
> > > >
> > > > It is reasonably easy to support JDK1.1 - by using the 1.2 objects only
in
> > > > local variables and inside if() blocks - if the code is never called the
> > > > object will not be instantiated.
> > > >
> > > > I know that some of you may use JDK1.1 - and I agree it's important to
> > > > support it, but supporting the compiler is really hard - and it doesn't
> > > > seem to be too many people interested in helping with that. It just add
a
> > > > big overhead to anyone who contributes code ( reflection, conditional
> > > > builds, complex code, etc).
> > > >
> > > > Costin
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> > >
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> -- 
> ----------------------------------------------------------------------
> Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
> MOREnet System Programming               |  * if iz ina coment.      |
> Missouri Research and Education Network  |  */                       |
> ----------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 


Mime
View raw message