tomcat-users mailing list archives

From "emerson cargnin" <echofloripa.y...@gmail.com>
Subject Re: Mapping JSP's to outside of the war or expanded folder
Date Tue, 19 Feb 2008 17:15:33 GMT
This is not really an issue for me, as access to the servers is
totally strict.

And... any idea on how to map to the JSPs outside?
Nobody ever needs it? How do people migrate from Resin then?

On 19/02/2008, Ralph Goers <Ralph.Goers@dslextreme.com> wrote:
> emerson cargnin wrote:
> > We use Windows on the dev workstations and Unix (SunOS 5.10
> > Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T200) on dev/qa/production
> > servers.
> > We use Java 5 and we are migrating to Tomcat 5.5 or 6.
> >
> > Ralph, why do you say it's dangerous? Even if it doesn't have Java
> > code, it would have taglibs. Actually I don't really see any
> > advantage in using Velocity rather than JSP here.
> >
> >
> Since JSPs can contain any Java code, someone could put in code that
> does something completely unrelated to your application (send passwords
> or account information somewhere, etc).  This is pretty hard to do
> without being detected when the JSPs are inside of a War file. When you
> put them outside of the war the controls are necessarily loosened
> because, presumably, you actually want people to be able to change these
> from time to time - so you may never know when one was changed
> inappropriately.  With templates this can still happen, but since they
> can't add anything to a template that does more than change the view
> this isn't that dangerous.
>
> Ralph
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

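Ralph's point in the quoted reply, that a JSP kept outside the WAR can be changed without anyone noticing, is the kind of gap a file-integrity check closes. The following is an added example, not part of the original thread or of Tomcat: it hashes an external JSP directory against a reviewed baseline and flags changed pages that embed Java. The function names, suffix list and sample files are assumptions constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

JSP_SUFFIXES = {".jsp", ".jspf", ".jspx", ".tag"}  # assumed set of page types to watch
# Scriptlet, expression or declaration; directives (<%@) and comments (<%--) are excluded.
JAVA_IN_JSP = re.compile(r"<%(?!@|--)|<jsp:(scriptlet|expression|declaration)\b")

def snapshot(root):
    """Map each JSP-like file under root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and p.suffix.lower() in JSP_SUFFIXES}

def audit(root, baseline):
    """Compare root with a trusted baseline; return (path, status, embeds_java) tuples."""
    current, findings = snapshot(root), []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "removed", False))
            continue
        if path not in baseline:
            status = "added"
        elif baseline[path] != current[path]:
            status = "modified"
        else:
            continue  # unchanged since review
        text = (Path(root) / path).read_text(errors="replace")
        findings.append((path, status, bool(JAVA_IN_JSP.search(text))))
    return findings

def demo():
    """Constructed sample: approved pages are edited and a new page appears."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "home.jsp").write_text('<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>\n<c:out value="${title}"/>\n')
        (root / "inc").mkdir()
        (root / "inc" / "footer.jspf").write_text("<p>footer</p>\n")
        baseline = snapshot(root)  # taken when the pages were reviewed
        (root / "home.jsp").write_text('<% String u = request.getParameter("u"); %>\n')
        (root / "inc" / "footer.jspf").write_text("<p>new footer</p>\n")
        (root / "extra.jsp").write_text("<%-- comment only --%>\n<p>hi</p>\n")
        return audit(root, baseline)

if __name__ == "__main__":
    for path, status, embeds_java in demo():
        print(f"{status:9}{path}{'  [embeds Java]' if embeds_java else ''}")
```

The baseline has to be stored where the people who can edit the JSPs cannot write, otherwise a change and its matching digest can be replaced together.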