tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lopez <>
Subject Re: [Fwd: Tomcat may reveal script source code by URL trickery]
Date Wed, 04 Apr 2001 17:04:47 GMT
You're right!
That's another reason to use a model 2 based approach but, of course, JSP still
allows you to shoot you on your foot if you are fool enough to do so. That's one
of the reasons we chose a model 2 based approach with XML-XSLT for the interface
creation, no JSP involved: no feet in danger ;).
just my 2c,

Jon Stevens wrote:

> I know that these are just minor bugs in Tomcat (and other servlet
> containers as well), but man, this is getting ridiculous. This is clearly
> yet another reason to not use JSP. Especially when you have sites like this:
> <>
> Actually *encouraging* people to put their usernames and passwords into
> their JSP files. The term "Gross negligence" comes to mind.
> -jon

...<snip for brevity's sake>

View raw message