tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brad Cox <b...@virtualschool.edu>
Subject Re: [Fwd: Tomcat may reveal script source code by URL trickery]
Date Wed, 04 Apr 2001 18:06:10 GMT
My article about a servlet-based alternative to JSP is in this 
month's Dr. Dobbs Journal and at
http://www.ddj.com/articles/2001/0105/0105i/0105i.htm. The draft with 
source code is at http://virtualschool.edu/wap.

At 7:04 PM +0200 04/04/2001, Daniel Lopez wrote:
>You're right!
>That's another reason to use a model 2 based approach but, of 
>course, JSP still
>allows you to shoot you on your foot if you are fool enough to do 
>so. That's one
>of the reasons we chose a model 2 based approach with XML-XSLT for 
>the interface
>creation, no JSP involved: no feet in danger ;).
>just my 2c,
>Dan
>
>Jon Stevens wrote:
>
>>  I know that these are just minor bugs in Tomcat (and other servlet
>>  containers as well), but man, this is getting ridiculous. This is clearly
>>  yet another reason to not use JSP. Especially when you have sites like this:
>>
>>  <http://www.devshed.com/Server_Side/Jserv/JSP5/page3.html>
>>
>>  Actually *encouraging* people to put their usernames and passwords into
>>  their JSP files. The term "Gross negligence" comes to mind.
>  >
>  > -jon
>  >
>
>...<snip for brevity's sake>

-- 
---
Brad Cox, Ph.D.; bcox@superdistributed.com
Phone: 703 361 4751 Cell: 703 919-9623
http://superdistributed.com: A new paradigm for a new millinneum

Mime
View raw message