This is not really an issue for me, as the access to the servers are totally strict
and... any idea on how to map to the jsp's outside? Nobody ever need it? how do people migrate from resin then? On 19/02/2008, Ralph Goers <[EMAIL PROTECTED]> wrote: > emerson cargnin wrote: > > We use windows on the dev workstatios and unix (SunOS 5.10 > > Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T200) on dev/qa/production > > servers. > > We use Java 5 and we are migrating to tomcat 5.5 or 6. > > > > Ralph, why do you say it's dangerous? Even if it doesn't have java > > code, it would have tagslibs. Actually I don't really see any > > advantage using Velocity than JSP here. > > > > > Since JSPs can contain any Java code, someone could put in code that > does something completely unrelated to your application (send passwords > or account information somewhere, etc). This is pretty hard to do > without being detected when the JSPs are inside of a War file. When you > put them outside of the war the controls are necessarily loosened > because, presumably, you actually want people to be able to change these > from time to time - so you may never know when one was changed > inappropriately. With templates this can still happen, but since they > can't add anything to a template that does more than change the view > this isn't that dangerous. > > Ralph > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
