jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murray Altheim <murra...@altheim.com>
Subject Re: Classmapping and final classes
Date Mon, 21 Jan 2008 21:45:50 GMT
Andrew Jaquith wrote:
> Well, it *would* suggest that all classes not designed to be extended 
> should be made final, wouldn't it? *twinkle*
> I am not such a purist about that, really, although I do think it is a 
> good habit to get into.

I think also that there's a distinction here between classes that are
not designed to be extended but OTOH weren't designed *not* to be
extended. Following the addition of the events code and the cascading
properties feature to JSPWiki I've not needed to hack much of anything
in order to either extend or embed JSPWiki. It's pretty functional in
that regard already, especially since with have a very open API already
(e.g., WikiEngine is very easily modified), we have filters and plugins,
I mean, *really*, hacking security code for software designed for public
web sites just seems like a Very Bad Idea, and unnecessary. If somebody
has a truly custom application that can't be solved otherwise and looks
to be a common use case that's one thing, but like Andrew I'd prefer to
see a real use case demonstrated that can't be solved via the existing

> In the meantime, for this particular case, I'd recommend that Simon file 
> an enhancement request or bug in JIRA, and folks with embedding 
> expertise (like Murray) can help figure out an approach that would work. 
> If we need to do a little design work for 2.8, great. And if that's 
> doesn't come soon enough for him, he's always got the option of patching 
> the code himself temporarily.

Agreed. I can't see justification for a big, known security hole.
Patching ClassUtil by removing several 'final' declarations should be
the province of an individual hack (and a very simple one at that), not
part of the core. IMO.


Murray Altheim <murray07 at altheim.com>                           ===  = =
http://www.altheim.com/murray/                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

       Boundless wind and moon - the eye within eyes,
       Inexhaustible heaven and earth - the light beyond light,
       The willow dark, the flower bright - ten thousand houses,
       Knock at any door - there's one who will respond.
                                       -- The Blue Cliff Record

View raw message