I am changing from Jrun to Tomcat and I have just one problem remaining.
Jrun gave an additional security possibility that I am unable to extend to Tomcat. In Jrun you do not need to place your .jsp files, nor the automatically generated .java files on your production server. I could simply .jar up the automatically generated .class files and place the .jar file in the /WEB-INF/jsp folder on the production server.
That way I had 3 big advantages:
1) Nobody could look into my .jsp files.
2) Nobody could look into my .java files for my .jsps
3) Compilation on the production server of the .jsps was already done. - Everything was ready in the single .jar file.
Now perhaps I am missing something, so please put me right. And I'm just starting now to use ant and I've never bothered with .war files because I don't distribute my programmes, they're just used on our production server.
If I create a .war file for the production server then the .war file contains no compiled .jsps, just the original .jsp files - is that right?
There seem to me to be obvious advantages to what I was able to do in Jrun - can I do something similar in Tomcat?
In general I get many more security features with Tomcat 4.1, than I did with Jrun 3.1, but this particular possibility seems to me to be a good one. I have tried creating .jar files of the Tomcat's /work directory but without any success.
Can anybody enlighten me? Thanks for any help.
Regards, Malcolm Warren
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
