-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kazukin,
kazukin6 wrote: > And yes, for us it' not possible to give users to change only parts of jsp's > and deny execution of these parts based on some credential assessments > executed during some <if checkAccess> tags How do your users submit updated JSP files? Do you have the opportunity to scan them before installation? If so, why not simply reject anything containing "<[EMAIL PROTECTED]"? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjQJV4ACgkQ9CaO5/Lv0PCNOACgu+CaPCGqYX+0t1jhPJhDRZ/K b88An1s5lPVnO1xiU2WiBljlYbTC+tZd =AN9/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
