emerson cargnin wrote:
We use windows on the dev workstatios and unix (SunOS 5.10
Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T200) on dev/qa/production
servers.
We use Java 5 and we are migrating to tomcat 5.5 or 6.
Ralph, why do you say it's dangerous? Even if it doesn't have java
code, it would have tagslibs. Actually I don't really see any
advantage using Velocity than JSP here.
Since JSPs can contain any Java code, someone could put in code that
does something completely unrelated to your application (send passwords
or account information somewhere, etc). This is pretty hard to do
without being detected when the JSPs are inside of a War file. When you
put them outside of the war the controls are necessarily loosened
because, presumably, you actually want people to be able to change these
from time to time - so you may never know when one was changed
inappropriately. With templates this can still happen, but since they
can't add anything to a template that does more than change the view
this isn't that dangerous.
Ralph
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
