cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Toper <nto...@jouve.fr>
Subject Re: variable substitution in @type attributes
Date Wed, 04 Feb 2004 15:06:32 GMT
True, this is a big security hole...

Well, for the exception, where is the difference btw calling a non existant 
component and calling a non existant resource (like a file)??

But it seems hard use... At the same time, this'd be cool for readers (like 
gif, jpeg,etc..) 

What do you think?

Le Mercredi 04 Février 2004 15:58, Carsten Ziegeler a écrit :
> I think one major point is security or more precise: to detect possible
> problems
> early on. If you now use a wrong type information, which means address a
> component that doesn't exist, you get an exception immediately on startup.
> So, you know very early that your application is not correct.
>
> With a dynamic type attribute you defer this to a much later point which
> might
> be dangerous as well and very hard to find.
>
> Carsten
>
> > -----Original Message-----
> > From: news [mailto:news@sea.gmane.org]On Behalf Of Jorg Heymans
> > Sent: Wednesday, February 04, 2004 3:51 PM
> > To: dev@cocoon.apache.org
> > Subject: Re: variable substitution in @type attributes
> >
> >
> > Vadim, that post is from 2001.
> >
> > The arguments are:
> > - it affects the cache ->is this still relevant for the rewritten cache
> > mechanism in 2.1+ ?
> > - Flexibility syndrome ->point taken
> > - It's a reactor pattern forcing distribution of control and increasing
> > the number of contracts between the different contexts. ->not sure what
> > is meant there. Does he mean that selecting a component during pipeline
> > setup would not be the sole decision of the sitemap anymore? Which
> > contexts are meant here?
> >
> > I can understand the pipeline overhead in looking through the list of
> > all components everytime for one that matches the parameter, but this
> > could be documented and left to the user to decide what he prefers most.
> >
> >
> > Please note that I am not trying to advocate this change, just looking
> > to up my knowledge on cocoon another nudge.
> >
> > thanks
> > Jorg
> >
> > Vadim Gritsenko wrote:
> > > Jorg Heymans wrote:
> > >> Carrying the discussion over from users@
> > >> Why is variable substituion not allowed in @type attributes ?
> > >
> > > Archives have it.
> > >
> > > http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=98867067826565&w=2
> > > http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=98867067826565&w=2
> > >
> > > Vadim


Mime
View raw message