velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Revusky <jrevu...@terra.es>
Subject Re: template encodings
Date Mon, 16 Jul 2001 13:05:35 GMT
David Kinnvall wrote:
> 
> From: "Jonathan Revusky" <jrevusky@terra.es>
> > "Geir Magnusson Jr." wrote:
> > >
> > > And then what?  Do we have to support the alphabet soup of possibilities
> > > for Window's [broken] file system?   First look at C:, then D:, then E:,
> > > then F:, then... Or do we force people to only use UNC under windows?
> >
> > You're just being argumentative. Your code is broken in this instance.
> > This has absolutely nothing to do with cross-platform issues because the
> > core java libraries already handle it!
> >
> > Specifically in FileResourceLoader.getResourceStream(templateName) you
> > should specifically check whether someone has passed in an absolute
> > path. Here's the code:
> >
> > File f = new File(templateName);
> > if (f.isAbsolute() && f.exists()) {
> >    return new BufferedInputStream(new FileInputStream(f));
> > }
> 
> /etc/passwd is absolute and exists. Or am I missing something?

Yes, I think you are definitely missing something. That's why there are
security mechanisms in the OS and in the JVM. Modern computing is built
on many levels and it is not really the role of template engine code to
set security policies. Developers of code at that level of the equation
should concentrate on making their product usable.

Similarly, if I gave an XML parser an absolute path to a file to parse,
it should not refuse to parse it in my better interests etcetera. I
would consider that equally inappropriate.

The use of '.' as a default is clearly broken, since it will basically
never do anything useful. IMO, the default should probably be reading
relative to the classloader and then system classpaths. I also think
that if somebody says getTemplate("/full/path/to/file") it should fish
out the template. At least in the default, out-of-the-box configuration,
because you will definitely create scenarios where people bang their
heads against the wall not understanding what is wrong.

Your example is silly, contrived really, because a naive template coder
is not going to code #include "/etc/passwd" in a template anyway. Those
people develop on Windows or Mac and don't even know that /etc/passwd
exists.

> I would certainly *not* want my system exposed via careless
> template coders in that way, unless explicitely authorized by
> me via configuration.

<snip>

> 
> Serious developers definitely read the documentation.
> To suggest otherwise makes your case substantially weaker.

This is utter bullshit. "Serious" developers do not *definitely* read
the documentation. You (and Geir) will be well served to realize this. 

Serious developers typically start with the "Hello, World" example and
start hacking around and trying to figure out how to do what they need
to do from there.

If you claimed to me that you always fully read the documentation when
trying to use something, I wouldn't even believe you. I would suspect
insincerity.

Look, I don't want to argue with you. You suffer from the same disease
and, judging by what you're saying, you're a far worse gone case.

I did overreact to Geir. I was not in a good mood. I had a good night's
sleep and feel more conciliatory. Look, overall, Geir is basically a
good guy and he's right to keep trying to improve the documentation. But
to think that everybody always reads the docs thorougly is outright
silly. I don't think such nonsense should be encouraged.

Jonathan Revusky
--
available for Java/Delphi/Internet consulting
If you want to...
- make your .class files double-clickable with SmartJ
- do Delphi/Java mixed programming with easy-to-use JNI wrapper classes
- build robust web applications with the Niggle Application Framework
then...
check out the Revusky Hacks Page: http://www.revusky.com/hacks/

Mime
View raw message