tomcat-dev mailing list archives

Subject RE: WEB-INF classloading and on the fly compilation
Date Mon, 18 Sep 2000 15:31:21 GMT
> When you feel offended by my remarks and then make insinuations about 
> the way I perform my job, without knowing anything about it or about my 
> background, you are getting much more personal than I ever did.

Most of the time I don't even read the name of the sender :-). And for
sure I had no intention to question your job or background, and I've got
much worse flames to get it personal. 

I am very scared by the idea that many people consider security as a
"university" problem - commercial sites shouldn't worry about this, only
school admins. And your mail is the first I've seen in a long time that
states this explicitly.

Sorry if I overreacted, but I think it's important for this list to be
aware and realize the importance and _immense_ complexity of security, and
for people on this list to start understanding that in certain situations
( and that includes most commercial sites ) it is far more important to
ensure security than some damn features ( or even ease-of-programming !).
Who cares if you wrote a site in only 3 days and it has all the features
in the world if after a week someone is able to get all the credit cards
used by your customers ? 

The question " do you have a security policy " was addressed to everyone
on this list - and I don't want to offend anyone. If you feel offended ( or
if the answer is no ) then it's your problem :-)
( by security policy I mean a general - do you think about that and have a
plan in case something goes wrong and an understanding of what you will
lose if something happens ? )

> However, having access to dynamic compilation is a functional issue 
> which is important to me.

Nobody disagreed with dynamic compilation ( and if you got this impression
from my mail then it's a sign I'm very bad at writing ). I just argued
about how to implement this - i.e. include everything in a WAR or make it
a server-provided service. 

