cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <>
Subject Re: [RT] FOM
Date Tue, 27 May 2003 07:33:37 GMT
<snips cause="agree or dont't understand implications enough to talk"/>

Le Mardi, 27 mai 2003, à 08:44 Europe/Zurich, Stefano Mazzocchi a écrit  
> ... 2) design for safety: the flow will be a center of abuse because  
> people
> will find it easier to write longer flows than to restructure their
> business logic into components. We must make all possible efforts to
> reduce this from happening....

This is very important so that Flow does not become the next JSP or ASP  

> ... Object getComponent(id) -> obtains the component indicated by the  
> given ID...

Does this mean *any* Component, or do you foresee a way for Components  
to say if they're made available in the FOM or not? Making everything  
accessible might also lead to easy abuse IMHO.

> ...NOTE: both Ricardo and I believe that the flow should always be
> associated with a Session. Thus the use of the semantics "getSession"
> instead of "createSession"...

I like that, but isn't there a possible attack where a client makes a  
lot of requests without cookies/session IDs, and overflows the poor  
server who's creating millions of Sessions without asking anything  
Is that taken care of somewhere else already?

> ----------------------------------------------------------------------- 
> ----
> The Log Object
> ----------------------------------------------------------------------- 
> ----
> ------ properties ------

Why no isDebugEnabled etc?

Without this it is not possible to add lots of logging without worrying  
about runtime costs.
Good logging improves quality, I think these properties are needed.


View raw message