Re: Question regarding security of delivered jsp's.

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] [Home]

Re: Question regarding security of delivered jsp's.

To: jhoffman@harland.net
Subject: Re: Question regarding security of delivered jsp's.
From: Costin Manolache <costin@tdiinc.com>
Date: Wed, 10 Feb 1999 09:32:50 -0800
Cc: gnujsp@gjt.org
Organization: TDI Inc
References: <36C1B167.536F0B21@harland.net>
Sender: costin@tdiinc.com

Joe Hoffman wrote:

> How can I deliver runnable JSP's to my customers without extending them
> the ability to edit/change the JSP content?

Deliver just the generated class files ( servlets ).
Extra benefit: they will not have to configure and install JSP ( in fact
they will need just a
JRE environment  + servlet runner ). ( I do that - with an altered
JSP-servlet name mapping )

You can also alter the code generator to not generate "dependency check".

Regards,
Costin

> One suggested idea is to have a switch (I"m not sure where) that
> indicates that only generated .class files should be used, and thus not
> look for .jsp files.   Therefore I would only have to deliver the
> contents of the generated directory (apache).     Maybe there is a way
> to extend this idea somehow and just deliver a jar file that contains
> all my generated class files.
>
> Has anyone thought of this issue and are there any good/proposed
> solutions?
>
> regards
>
> joe hoffman
> Harland Corp.
> Denver, CO

References:
- Question regarding security of delivered jsp's.
  - From: Joe Hoffman <jhoffman@harland.net>

Prev by Date: Re: Backward incompatible changes
Next by Date: Re: Question regarding security of delivered jsp's.
Previous by thread: Question regarding security of delivered jsp's.
Next by thread: Re: Question regarding security of delivered jsp's.
Index(es):
- Date
- Thread