http://tomcat.apache.org/faq/misc.html#evil-Tim
Paul Mendelson wrote:
> I recently installed Tomacat 6.0 and see that I now need to make my web
> application privalaged in order to use InvokerServlet to allow users to
> execute arbitrary servlets. This seems to continue a trend that may
> eventually result in Invoker being widthdrawn.
>
> My question is why is allowing execution of arbitrary servlets so
> discouraged. In my opinion JSPs are essentially servlets with a
> differnt deployment convention and there is no prohibition on running
> jsps without "registering them."
>
> I like to build web applications with hundreds of servlets and I prefer
> not to explicitly define each one in web.xml. Is there any sanctioned
> method of doing this in a tomcat world?
>
---------------------------------------------------------------------
To start a new topic, e-mail:
users@...
To unsubscribe, e-mail:
users-unsubscribe@...
For additional commands, e-mail:
users-help@...
