Return-Path: 
 <tomcat-user-return-117786-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org
Received: (qmail 30802 invoked from network); 14 Dec 2004 19:10:49 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 14 Dec 2004 19:10:49 -0000
Received: (qmail 21950 invoked by uid 500); 14 Dec 2004 18:52:30 -0000
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 21923 invoked by uid 500); 14 Dec 2004 18:52:30 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 21869 invoked by uid 99); 14 Dec 2004 18:52:29 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=RCVD_BY_IP
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: domain of asimalp@gmail.com designates
 64.233.170.202 as permitted sender)
Received: from rproxy.gmail.com (HELO rproxy.gmail.com) (64.233.170.202)
  by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 14 Dec 2004 10:52:17 -0800
Received: by rproxy.gmail.com with SMTP id q1so419215rnf
        for <tomcat-user@jakarta.apache.org>;
 Tue, 14 Dec 2004 10:51:41 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
        b=Ug1Qyo/6n6YxyeIC0gn1L5spHOYJwFCKtnV9NGJ5yaWESv4IeyavmsLWwA6P5PiOchj1oA9Hc/aeCAp/3aTDPRQq0xMPvszm78GjkmhIsZ3o19Sl9tjMpfeOCE1nLy9kuKpNBEsbR6JRE3Y8IX7YpGvHuj6Cn5/nJMtqoJoAEM8=
Received: by 10.38.150.47 with SMTP id x47mr829621rnd;
        Tue, 14 Dec 2004 10:51:41 -0800 (PST)
Received: by 10.38.97.52 with HTTP; Tue, 14 Dec 2004 10:51:40 -0800 (PST)
Message-ID: <672d5440041214105126967a9@mail.gmail.com>
Date: Tue, 14 Dec 2004 13:51:40 -0500
From: Asim Alp <asimalp@gmail.com>
Reply-To: im@asimalp.com
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Subject: JSP privileges
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

We want to give FTP access to our customers so that they can create /
edit their own JSP pages; however we are afraid of the capabilities of
JSP.  Technically, it is possible for a user to write a program that
would mess up anything else on the server.  Is there a get around? 
How does JSP hosting companies solve this potential security problem? 
We're not really a hosting company, but an application service
provider...

Thanks,

Asim

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org