axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Ruby <ru...@apache.org>
Subject Re: cvs commit: xml-axis/java/test/MSGDispatch TestService.java
Date Thu, 26 Sep 2002 13:46:33 GMT
Glen Daniels wrote:
 > In the RPC case, if you specify "*", you still shouldn't have public
 > methods in your class which you don't want exported - the failure
 > case here is that people can remotely call dangerous/inappropriate
 > code.  I'm just saying that the same idea should apply for MSG
 > services with "*", except that we should notice the non-matching
 > methods right away.

Glen, I must admit that this argument does not make sense to me.  "*" is 
dangerous and should be avoided.  Period.

But if somebody ignores this advice, they accept the danger.

 > I think the question comes down to this : which is more
 > confusing/difficult to the user?  To specify "all methods should be
 > exported" and then have deployment silently ignore non-matching
 > methods for message services, or to get a deployment failure which
 > makes it very clear that you've allowed more than is valid in your
 > class signature.  To me, it seems like the former is more opaque and
 > error-prone - to you, it seems like the latter is annoying.  Maybe we
 > should [VOTE]?

Again, we are talking about a user is too lazy to list all the methods 
that they want, or to employ the use of a proper tool.  What does this 
type of user want?  Do they want someone tapping them on the shoulder 
and telling them that "um, by they way, did you realize that you have 
also exported some methods that you have no way of calling?".  Actually, 
I'm not sure that tapping on the shoulder is a good analogy here, as 
what actually was occurring was that such users were summarily dismissed.

- Sam Ruby


Mime
View raw message