struts-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Struts Wiki] Update of "HDIV" by Paul Benedict
Date Fri, 07 Dec 2007 04:21:22 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification.

The following page has been changed by Paul Benedict:
http://wiki.apache.org/struts/HDIV

------------------------------------------------------------------------------
  
  = SPI or native integration? =
  
- HDIV seems to solve a problem that most web application developers don't know they have.
By "natively", I mean it's part of the core and you can't make your application less secure
by ripping it out. It is Apache licensed after all.
+ '''Matt Raible:''' HDIV seems to solve a problem that most web application developers don't
know they have. By "natively", I mean it's part of the core and you can't make your application
less secure by ripping it out. It is Apache licensed after all. If rolling it into the core
isn't an option, it would be nice if it was easier to integrate. Instead of requiring new
tag libraries, it'd be nice if tag libraries (and Velocity/FreeMarker macros) were "HDIV aware".
If an HDIV JAR/Plugin is on the classpath - use it.
  
- If rolling it into the core isn't an option, it would be nice if it was easier to integrate.
Instead of requiring new tag libraries, it'd be nice if tag libraries (and Velocity/FreeMarker
macros) were "HDIV aware". If an HDIV JAR/Plugin is on the classpath - use it.
+ '''Paul Benedict:''' I wouldn't want to fork the project because I am not a security expert.
I couldn't maintain it well even though I want to integrate it. Also, I don't know if HDIV
has aspirations outside of Struts which would make an SPI much more palatable. I am not strongly
in favor of belonging to the core. I think the feature should be optional, but I wouldn't
also object if it was put of the core with the option to turn on/off. 
  
- Which security package(s) would you want to work with in addition to HDIV? I firmly believe
that you need at least two candidates in order to successfully design an SPI. Otherwise you
run a very high risk of designing an SPI that can really only be successfully used by the
one candidate you designed it around.
+ '''Martin Cooper:''' Which security package(s) would you want to work with in addition to
HDIV? I firmly believe that you need at least two candidates in order to successfully design
an SPI. Otherwise you run a very high risk of designing an SPI that can really only be successfully
used by the one candidate you designed it around. 
  
  = Performance =
  
- It's unusual that a feature such as this comes without penality. If HDIV were native, what
would be the performance cost? Complexity cost?
+ '''Ted Husted:''' It's unusual that a feature such as this comes without penality. If HDIV
were native, what would be the performance cost? Complexity cost? 
  
  = Validation =
  
+ '''Martin Cooper:''' How does HDIV's editable content validation interact with the validation
mechanisms that we already have built into Struts? Is someone using HDIV
- How does HDIV's editable content validation interact with the validation
- mechanisms that we already have built into Struts? Is someone using HDIV
  with Struts going to be writing their validations using HDIV's format,
  Commons Validator's format, or both?
  
  = Usability =
  
+ '''Martin Cooper:''' How much of the functionality of HDIV is only available for people
using JSP with tag libraries? If I'm using Velocity, or not using server-side
- How much of the functionality of HDIV is only available for people using
- JSP with tag libraries? If I'm using Velocity, or not using server-side
  presentation at all, how much of HDIV do I lose?
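
Review bot: in the Performance section, the added '''Ted Husted:''' line still carries the misspelling "penality" from the line it replaces; since that line is being rewritten to add the attribution anyway, correct it to "penalty" in the same edit. In the new '''Paul Benedict:''' paragraph under "SPI or native integration?", "put of the core" looks like a slip for "part of the core", and "wouldn't also object" would read more clearly as "also wouldn't object". The Validation and Usability changes only add the speaker attribution and rewrap the first lines, so nothing further there.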
  
