On Mar 9, 2009, at 4:46 PM, Len Popp wrote:
So, I'm a disciplined developer? :-)
I think it'd be a pretty good bet on this list :-)
Yeah, it's basically because in this setup the JSP pages are part of the app's implementation, not part of the exposed URL space. So I put them under WEB-INF with the classes, libs, tags, etc. Practically speaking the effect of allowing user access to the JSPs would be that you could enter a bogus URL and get a garbage page (probably a 500 error).
Well, I'm really only being curmudgeonly. It's true that /some/ users will always poke around and get into trouble, even when the app is well organized along mvc lines. From a traffic/business point of view, it's best to minimize that trouble....hmm...have to think about one of those projects of mine.
Cheers, Ken --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
