Jeanfrancois Arcand wrote:
The only problem I see by removing the package org.apache.jsp is that when Tomcat run under the security manager, it is no longer possible to protect an application from package insertion/access (dangerous).That's a good point, also. (oh, no, I'm back in the middle of a JSPC induced mess ;-) )
It is still possible to protect the application by manually adding the new package name under the conf/tomcat.properties file. This will have to be documented somewhere.
Ok, I can re-revert my patch ;-)
Remy
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
