cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Reinhard Poetz" <reinh...@apache.org>
Subject RE: variable substitution in @type attributes
Date Wed, 04 Feb 2004 15:12:20 GMT

From: Nicolas Toper [mailto:ntoper@jouve.fr] 

> True, this is a big security hole...
> 
> Well, for the exception, where is the difference btw calling 
> a non existant 
> component and calling a non existant resource (like a file)??
> 
> But it seems hard use... At the same time, this'd be cool for 
> readers (like 
> gif, jpeg,etc..) 

Cool yes, but IMO too much magic. I would be -1 on changing this. With
explicit namings the sitemap remains easily readable.

--
Reinhard

> 
> What do you think?
> 
> Le Mercredi 04 Février 2004 15:58, Carsten Ziegeler a écrit :
> > I think one major point is security or more precise: to detect 
> > possible problems early on. If you now use a wrong type 
> information, 
> > which means address a component that doesn't exist, you get an 
> > exception immediately on startup. So, you know very early that your 
> > application is not correct.
> >
> > With a dynamic type attribute you defer this to a much later point 
> > which might be dangerous as well and very hard to find.
> >
> > Carsten
> >
> > > -----Original Message-----
> > > From: news [mailto:news@sea.gmane.org]On Behalf Of Jorg Heymans
> > > Sent: Wednesday, February 04, 2004 3:51 PM
> > > To: dev@cocoon.apache.org
> > > Subject: Re: variable substitution in @type attributes
> > >
> > >
> > > Vadim, that post is from 2001.
> > >
> > > The arguments are:
> > > - it affects the cache ->is this still relevant for the rewritten 
> > > cache mechanism in 2.1+ ?
> > > - Flexibility syndrome ->point taken
> > > - It's a reactor pattern forcing distribution of control and 
> > > increasing the number of contracts between the different 
> contexts. 
> > > ->not sure what is meant there. Does he mean that selecting a 
> > > component during pipeline setup would not be the sole decision of 
> > > the sitemap anymore? Which contexts are meant here?
> > >
> > > I can understand the pipeline overhead in looking through 
> the list 
> > > of all components everytime for one that matches the 
> parameter, but 
> > > this could be documented and left to the user to decide what he 
> > > prefers most.
> > >
> > >
> > > Please note that I am not trying to advocate this change, just 
> > > looking to up my knowledge on cocoon another nudge.
> > >
> > > thanks
> > > Jorg
> > >
> > > Vadim Gritsenko wrote:
> > > > Jorg Heymans wrote:
> > > >> Carrying the discussion over from users@
> > > >> Why is variable substituion not allowed in @type attributes ?
> > > >
> > > > Archives have it.
> > > >
> > > > 
> http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=9886706782656
5&w=
> > > 2
> > >
http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=98867067826565&w=2
> > >
> > > Vadim


Mime
View raw message