tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juha Laiho <>
Subject Re: Disable java code execution <%blabla%> in jsp, but permits tags
Date Wed, 10 Sep 2008 21:18:39 GMT
kazukin6 wrote:
> Is it possible to disable all java code execution within jsp page (by
> security manager or something)
> but allow custom tags to be executed?
> The problem is that the users can change jsp files, and due to security
> reasons we can allow them to use only tags 

Unfortunately I don't have an idea on how to prevent Java snippets
in JSPs, but have you considered whether using Java security manager
would be enough to defend you against the estimated threats?

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message