cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Re: Easy to maintain Web applications?
Date Fri, 17 Dec 1999 15:53:04 GMT
Greg Wolff wrote:

> If logicsheets can be modified by "untrusted" users then allowing them to
> execute arbitrate code is likely to lead to security and reliability
> problems.  Yes, there are some ways of addressing these, but they come with
> their own costs.  You might find the PIA approach to be more flexible and
> easier to administer.  It has the added advantage that anyone who knows XML
> (but not Java) can understand and properly edit the locgicsheets (tagsets).
> (Yes, they could probably just as easily ignore the Java code within the
> logic tags of the XSP approach, but they might be surprised when the random
> newline they unknowingly inserted by mistake causes their application to
> stop working.)

Please, those are the "standard" arguments against JSP, in the way
Cocoon uses XSP (like I explained in a previous mail) nobody will have
to edit an XSP page since it will be generated. And the logicsheet will
be written by developers, who know what they are doing.

Users just do stuff like

 <p>My quotes are <quotes/></p>

and there is no way they can screw up the logic.

Again, I totally understand you points of having a turing-complete
language expressed directly in XML, but that is just another stylesheet.
A very complex one, indeed, but that would allow us to work together. :)

-- 
Stefano Mazzocchi      One must still have chaos in oneself to be
                          able to give birth to a dancing star.
<stefano@apache.org>                             Friedrich Nietzsche



Mime
View raw message