tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Woodchuck <>
Subject RE: Delivering JSPs without source
Date Wed, 01 Dec 2004 20:50:04 GMT

i have gotten into the habit of precompiling my jsps and then
obfuscating everything.  while not 100% bullet-proof (but then again,
nothing is in theory), i think this is a reasonably decent solution for
source security.


--- "Shapira, Yoav" <> wrote:

> Hi,
> >When Tomcat receives a request for .jsp page, isn't the first order
> of
> >business to compare the date of the .jsp page against the .java file
> in
> >the working directory, so Tomcat knows whether to re-translate and
> >compile the .jsp page?
> For normal JSP pages, but not for pre-compiled ones.  Those are
> defined
> in web.xml and don't go through the JSP servlet: they are normal
> servlets, not subject to Jasper manipulation.  So what this user is
> trying to do (precompile to avoid giving customers JSP source code)
> is
> technically possible and has valid use-cases.  I've helped customers
> do
> the same thing.
> Yoav Shapira
> This e-mail, including any attachments, is a confidential business
> communication, and may contain information that is confidential,
> proprietary and/or privileged.  This e-mail is intended only for the
> individual(s) to whom it is addressed, and may not be saved, copied,
> printed, disclosed or used by anyone else.  If you are not the(an)
> intended recipient, please immediately delete this e-mail from your
> computer system and notify the sender.  Thank you.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message