kazukin6 wrote:
Plz Help !!
Is it possible to disable all java code execution within jsp page (by
security manager or something)
but allow custom tags to be executed?
The problem is that the users can change jsp files, and due to security
reasons we can allow them to use only tags
Why are
We want them to be able to customize information they get from our system by
using custom tags
H. Hall wrote:
kazukin6 wrote:
Plz Help !!
Is it possible to disable all java code execution within jsp page (by
security manager or something)
but allow custom tags to be executed?
The
this transmission.
Date: Sat, 13 Sep 2008 08:58:59 -0700
From: [EMAIL PROTECTED]
To: users@tomcat.apache.org
Subject: Re: Disable java code execution %blabla% in jsp, but permits tags
We want them to be able to customize information they get from our system by
using custom tags
H. Hall
Hi, Bill!!
Thank you a lot!!
It seems, it's exactly what I need
Bill Barker-2 wrote:
kazukin6 [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Plz Help !!
Is it possible to disable all java code execution within jsp page (by
security manager or something)
but allow custom
Hi Juha!
Yes, I did, but it's kinda hard for me to estimate all possible threats and
the Tomcat's ability to provide the defence
I suppose it should be
1) No thread creation
2) No IO operations
3) No any direct System API invokations, only JAVA API -(cause it can lead
to undesired
kazukin6 wrote:
Is it possible to disable all java code execution within jsp page (by
security manager or something)
but allow custom tags to be executed?
The problem is that the users can change jsp files, and due to security
reasons we can allow them to use only tags
Unfortunately I
kazukin6 [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Plz Help !!
Is it possible to disable all java code execution within jsp page (by
security manager or something)
but allow custom tags to be executed?
There isn't anything that can't be worked around. But putting: