This may be true (though I have never tested it). What's easier though? Upgrading a Tomcat server with a patch or re-architecting your whole site to accommodate for Velocity??
;-)

-Matt

--- Jon Scott Stevens <[EMAIL PROTECTED]> wrote:
> on 2002/9/24 4:59 AM, "Remy Maucherat" <[EMAIL PROTECTED]> wrote:
>
> > A security vulnerability has been confirmed to exist in all Apache
> > Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which
> > allows to use a specially crafted URL to return the unprocessed source
> > of a JSP page, or, under special circumstances, a static resource which
> > would otherwise have been protected by security constraint, without the
> > need for being properly authenticated.
>
> Once again...JSP sucks and Velocity is the right way to go...you will never
> have to worry about your container spilling your beans (pun intended).
>
> Given that Tomcat gets around 100k+ downloads/week...imagine how many
> servers now need to be updated and how much money and time that will cost to
> do so?
>
> http://jakarta.apache.org/velocity/
>
> Wake up people. Velocity is faster and more secure than JSP will ever be.
>
> -jon

=====
------------------------
int myName() {
  cout << "-Matt Fury \n";
  return 0;
}
------------------------