on 5/17/01 12:47 PM, "Glenn Nielsen" <[EMAIL PROTECTED]> wrote:

> But now that both Tomcat 3.2 and Tomcat 4 support the Java SecurityManager
> you can control security at the container level regardless of whether someone
> is using the CFM servlet, velocity, CoCoon, JSP, etc.

Not true.

<http://jakarta.apache.org/velocity/ymtd/ymtd-hosting.html>

    Hashtable strings = new Hashtable();
    int i=0;
    while (true)
    {
        strings.put ("dead"+i, new StringBuffer(999999));
    }

There is no amount of security that will prevent someone from putting that
into their JSP page other than disabling the ability to put scriptlets into
things. If you do that, then you are simply where you should have been in
the first place...using Velocity.

-jon


-- 
If you come from a Perl or PHP background, JSP is a way to take
your pain to new levels. --Anonymous
<http://jakarta.apache.org/velocity/ymtd/ymtd.html>
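
The message argues that the only way to keep such a loop out of a hosted page is to disallow scriptlets altogether. As an added example (not part of the original message; the function name and the sample page are constructed for illustration), this Python check lists every scripting element in a JSP source so that a host can reject uploads that contain any:

```python
import re

# JSP constructs, matched in document order. Comments and directives are
# consumed first so a scriptlet quoted inside a JSP comment is not reported.
_TOKEN = re.compile(
    r"<%--.*?--%>"                          # JSP comment
    r"|<%@.*?%>"                            # directive (page, include, taglib)
    r"|<%(?P<kind>[!=]?)(?P<body>.*?)%>"    # declaration, expression, scriptlet
    r"|<jsp:(?P<xkind>scriptlet|declaration|expression)\b[^>]*>"
    r"(?P<xbody>.*?)</jsp:(?P=xkind)\s*>",  # XML-syntax equivalents
    re.DOTALL,
)
_KINDS = {"": "scriptlet", "!": "declaration", "=": "expression"}

def find_scripting(jsp_text):
    """Return [(line, kind, code)] for every scripting element in a JSP page."""
    hits = []
    for m in _TOKEN.finditer(jsp_text):
        if m.group("body") is not None:
            kind, body = _KINDS[m.group("kind")], m.group("body")
        elif m.group("xbody") is not None:
            kind, body = m.group("xkind"), m.group("xbody")
        else:
            continue  # comment or directive: no embedded Java to report
        line = jsp_text.count("\n", 0, m.start()) + 1
        hits.append((line, kind, " ".join(body.split())))
    return hits

# Constructed sample page (not taken from the thread).
SAMPLE = """<%@ page language="java" %>
<%-- old code: <% System.exit(0); %> --%>
<html><body>
<%! int hits = 0; %>
<% java.util.Hashtable strings = new java.util.Hashtable();
   strings.put("k", "v"); %>
<p>Hits: <%= hits %></p>
<jsp:scriptlet>hits++;</jsp:scriptlet>
<p>${user.name}</p>
</body></html>
"""

if __name__ == "__main__":
    for line, kind, code in find_scripting(SAMPLE):
        print(f"line {line}: {kind}: {code}")
```
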
