On 25/11/02 20:01 "Dan Sandberg" <[EMAIL PROTECTED]> wrote:
> What's the story with the servlets-ssi.renametojar hack?
>
> Are the classloader issues that necessitated this going to be fixed in
> Tomcat 5? Will they be backported to Tomcat 4?
>
> If this won't be fixed in Tomcat 5, than we can split servlets-ssi into
> the insecure part ( which can run exec ) and the secure part (
> everything else ). This would make using SSI much easier, as renaming
> jars and changing web.xml, etc, won't be necessary unless the user wants
> to support the #exec command.
>
> [Just trying to keep an eye on end-user simplicity]
NO code is ever secure... Less stuff you distribute, fewer times Tomcat will
show up on BugTrack... That's my rule-of-the-thumb, at least...
IMO, even Jasper should be renamed to .renametojar, but that's just me,
probably being paranoid.
Pier
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
