-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dong,
JiaDong Huang wrote: > Since the Request Object usage has already been stated in the spec. Maybe > Tomcat can have certain JSP verification tool. Is any thing like that > available? Or it is not possible to do technically at all. Maybe it can that > be part of JSP compiler... This is nearly impossible to do, since such a "verification tool" would have to execute all code paths simultaneously and basically has a very low chance of actually reproducing bugs of this type. The only thing that can expose bugs like this is either a very thorough code review (which is hard) or load testing (which is relatively easy). That's why big apps are usually tested in this way before making their way to production. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgM9r9CaO5/Lv0PARApVoAKCes9zmENDwo4gMgwwg7XaA9euTgwCgruPx 5EggfdsxY+/1Fq7oVtlhCuM= =LJOL -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
