From: "Seetamraju, Uday" <[EMAIL PROTECTED]> > The entire details are in one nice HTML web page that I wrote up just for this. > http://mysite.verizon.net/sarma/GNU/SafeValidatorForm.html
The part that caught my eye was 'testing' it by entering the entire URL to the jsp file. Most of us already prevent direct access to JSP's in various ways-- I put them under WEB-INF and force all requests to go through an Action. In that case, does the rest of your argument still apply? -- Wendy Smoak --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]