tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <>
Subject RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Date Wed, 25 Sep 2002 21:54:32 GMT
On Wed, 2002-09-25 at 20:59, John Trollinger wrote:

> Don't buy all the velocity hype.. It is not as great as they make it out
> to be.

What hype? I don't follow here...

Velocity is just a template language, plain, simple and relatively
small. It's "greatness" comes from the fact that you cannot do things in
it, not from that fact that you can. Other template languages might be
as good or better, wouldn't know, but given that Velocity is a Jakarta
project, it seemed like a reasonable suggestion to me. And it certainly
does the job for me. I don't see why would sharing a good experience
with someone qualify as hype.

But all that is actually beside the point. The point is that you don't
want your web designers to touch Java code, ever. Making web pages
programs, with access into depths of you JVM, is what the initial
problem with JSP's actually is.

> Please no flames from the velocity disiples as I will not respond.

Why do you think anyone from Velocity crowd would flame you? I found
most users and developers to be helpful and constructive. They certainly
helped me switch from JSP's in no time at all.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message