tomcat-dev mailing list archives

From "Geir Magnusson Jr." <ge...@optonline.net>
Subject Re: Jasper performance
Date Fri, 18 May 2001 11:51:10 GMT
Glenn Nielsen wrote:
> 
> Jon Stevens wrote:
>
> > There is no amount of security that will prevent someone from putting that
> > into their JSP page other than disabling the ability to put scriptlets into
> > things. If you do that, then you are simply where you should have been in
> > the first place...using Velocity.
> >
> 
> Yes, but using Velocity templates limits a great deal what customers
> can do when compared to a general purpose servlet container where
> web applications can be deployed. 

Those aren't comparable, 'Velocity templates' and 'general purpose
servlet container', because Velocity is just a template tool - you still
need the servlet and servlet container. 

I am sure you understand this, but wanted to keep things clear for
others that get confused when we say 'template engine' when talking
about Velocity - it's just a 'toolkit' you can use in your webapps in
your favorite servlet environment (Tomcat, of course... )

> There is a great deal more to
> security than just preventing a 'trusted user' who can publish content
> from doing something stupid.  Nowhere in your YMTD document do I see
> anything about security, just your reference above to a trusted user
> DoS.  Heck, if one of my customers wants to use Velocity, they can do
> so if it can be deployed as a web application, but it will have to
> run within the security policies we set for the Tomcat Java SecurityManager. ;-)

Maybe it wasn't clear to you then - yes, it can be deployed in a web
application just like any other bit of Java code.

I encourage you to take a few minutes and just look it over.  We offer
decent documentation and examples, both for web use and non-web use. 
While I am pretty certain you aren't going to foreswear JSP, it's
certainly an interesting alternative, and has plenty of non-web uses as
well for code, text, SQL generation, static HTML page generation, etc...

geir

-- 
Geir Magnusson Jr.                           geirm@optonline.net
System and Software Consulting
Developing for the web?  See http://jakarta.apache.org/velocity/
"still climbing up to the shoulders..."
