tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brad Cox <>
Subject Re: [Fwd: Tomcat may reveal script source code by URL trickery]
Date Wed, 04 Apr 2001 18:06:10 GMT
My article about a servlet-based alternative to JSP is in this 
month's Dr. Dobbs Journal and at The draft with 
source code is at

At 7:04 PM +0200 04/04/2001, Daniel Lopez wrote:
>You're right!
>That's another reason to use a model 2 based approach but, of 
>course, JSP still
>allows you to shoot you on your foot if you are fool enough to do 
>so. That's one
>of the reasons we chose a model 2 based approach with XML-XSLT for 
>the interface
>creation, no JSP involved: no feet in danger ;).
>just my 2c,
>Jon Stevens wrote:
>>  I know that these are just minor bugs in Tomcat (and other servlet
>>  containers as well), but man, this is getting ridiculous. This is clearly
>>  yet another reason to not use JSP. Especially when you have sites like this:
>>  <>
>>  Actually *encouraging* people to put their usernames and passwords into
>>  their JSP files. The term "Gross negligence" comes to mind.
>  >
>  > -jon
>  >
>...<snip for brevity's sake>

Brad Cox, Ph.D.;
Phone: 703 361 4751 Cell: 703 919-9623 A new paradigm for a new millinneum

View raw message