Hi Chris!
They can upload them using javascript file manager
Totally rejecting scripting seems to be more robust solution
Christopher Schultz-2 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Kazukin,
>
> kazukin6 wrote:
>> And yes, for us it' not possible to give users to ch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kazukin,
kazukin6 wrote:
> And yes, for us it' not possible to give users to change only parts of jsp's
> and deny execution of these parts based on some credential assessments
> executed during some tags
How do your users submit updated JSP files?
verything in this e-mail and any attachments relates to the official
>> business of Sender. This transmission is of a confidential nature and
>> Sender does not endorse distribution to any party other than intended
>> recipient. Sender does not necessarily endorse conte
008 17:32:29 -0700
>> From: [EMAIL PROTECTED]
>> To: users@tomcat.apache.org
>> Subject: Question is answered. See Bill Barker-2 answer
>>
>>
>> Hi, Martin
>> Thanks for the answer
>> I see, what you mean, but the problem is slightly different
>>
pache.org
> Subject: Question is answered. See Bill Barker-2 answer
>
>
> Hi, Martin
> Thanks for the answer
> I see, what you mean, but the problem is slightly different
>
> The matter is that our users can change jsp files whatever they like via
> administrative interfac
Hi, Martin
Thanks for the answer
I see, what you mean, but the problem is slightly different
The matter is that our users can change jsp files whatever they like via
administrative interface, so we want to restrict the use of scriplets in
these jsp's because of possible abuses
Bill Barker-2 prov
