I recently installed Tomacat 6.0 and see that I now need to make my web
application privalaged in order to use InvokerServlet to allow users to
execute arbitrary servlets. This seems to continue a trend that may
eventually result in Invoker being widthdrawn.
My question is why is allowing
I am a newbee here but as a work around, I would think you could have
a master servlet and it could scan and load all the servlets in the
directory into a map, and then dispatch requests to them from /*
(having them properly initialized in another question)
I would be interested in the
http://tomcat.apache.org/faq/misc.html#evil
-Tim
Paul Mendelson wrote:
I recently installed Tomacat 6.0 and see that I now need to make my web
application privalaged in order to use InvokerServlet to allow users to
execute arbitrary servlets. This seems to continue a trend that may
Tim Funk wrote:
http://tomcat.apache.org/faq/misc.html#evil
-Tim
Paul Mendelson wrote:
I recently installed Tomacat 6.0 and see that I now need to make my
web application privalaged in order to use InvokerServlet to allow
users to execute arbitrary servlets. This seems to continue a trend
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 14, 2007 8:39 PM
To: Tomcat Users List
Subject: Re: Rationale for makeing Invoker harder to user
http://tomcat.apache.org/faq/misc.html#evil
Keep in mind this opens with This is opinions
At 20:38 3/14/2007, you wrote:
http://tomcat.apache.org/faq/misc.html#evil
-Tim
All very good points escpecially since it will load classes outside
the webapps sandbox. Definately evil.
What I would probably do in the large # of servlets situation for a
single webapp during development is