velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Revusky <>
Subject Re: template encodings
Date Mon, 16 Jul 2001 21:08:15 GMT
David Kinnvall wrote:
> From: "Jonathan Revusky" <>
> > David Kinnvall wrote:
> > > /etc/passwd is absolute and exists. Or am I missing something?
> >
> > Yes, I think you are definitely missing something. That's why there are
> > security mechanisms in the OS and in the JVM. Modern computing is built
> > on many levels and it is not really the role of template engine code to
> > set security policies. Developers of code at that level of the equation
> > should concentrate on making their product usable.
> It was an example. I agree with the rest you say, however.
> > Similarly, if I gave an XML parser an absolute path to a file to parse,
> > it should not refuse to parse it in my better interests etcetera. I
> > would consider that equally inappropriate.
> Indeed. To allow using templates with absolute paths in
> any directory you wish _is_ a configuration option, though.

Yes, I have been told that and I know that. 

> > The use of '.' as a default is clearly broken, since it will basically
> > never do anything useful. IMO, the default should probably be reading
> > relative to the classloader and then system classpaths. I also think
> > that if somebody says getTemplate("/full/path/to/file") it should fish
> > out the template. At least in the default, out-of-the-box configuration,
> > because you will definitely create scenarios where people bang their
> > heads against the wall not understanding what is wrong.
> You are of course entitled to your opinion. To make what
> you suggest the default in Velocity should be discussed
> a bit more however, to find out whether it is indeed the
> wish of the majority.

I don't care that much really. I do agree that the use of absolute paths
should be discouraged. I'm not sure that I can take the security hole
argument that seriously, because I think it's pretty tenuous. As long as
you don't put the raw templates somewhere that's visible to the outside
world, I don't for the life of me see the issue. It's just that the
approved pattern is surely to specify resources relative to the insides
of a .war file. So these things should be loaded relative to the
classloader classpath.

OTOH, the classloader classpath is *not* the default. The *default* is
to load relative to '.' the current working directory and that really is
useless AFAICS.

Now, I still would argue that if somebody actually does specify an
absolute file location in a call to getTemplate() that it should work in
the out-of-the-box configuration. But hey, it's not *my* library, so all
I can do is give my opinion on that and my reasoning.

> > Your example is silly, contrived really, because a naive template coder
> > is not going to code #include "/etc/passwd" in a template anyway. Those
> > people develop on Windows or Mac and don't even know that /etc/passwd
> > exists.
> It was an example, contrived or not, of the fact that
> there may very well be files accessible, with no OS
> protection, that I do not wish template developers to
> have access to, intentionally or not. If you are so
> obviously determined to understand otherwise, I give
> up this part of the discussion. It serves no purpose.

Well, then the same argument applies to what you're telling me above. If
the default were that absolute pathnames worked, you could change the

I'm not talking about a deployment situation anyway. I'm talking about a
situation where a newbie downloads the ruddy thing and tries to get a
simple example going on his local box. IMO, this scenario should be made
as easy as is possible! Like, c'mon, what security issue is there when
you're trying to get Hello, World to run?

> > > Serious developers definitely read the documentation.
> > > To suggest otherwise makes your case substantially weaker.
> >
> > This is utter bullshit. "Serious" developers do not *definitely* read
> > the documentation. You (and Geir) will be well served to realize this.
> Right...
> > Serious developers typically start with the "Hello, World" example and
> > start hacking around and trying to figure out how to do what they need
> > to do from there.
> You have a different definition of serious developer than I do.
> That is ok, but don't try to enforce your definition upon the
> rest of the world, please.

I don't know how many people would meet your definition of "serious

> > If you claimed to me that you always fully read the documentation when
> > trying to use something, I wouldn't even believe you. I would suspect
> > insincerity.
> Did I claim that? No. I do claim, however, that I _do_
> read enough docs to know what I am supposed to do to get
> started, and to get a feel for what the developers intends
> with their creation. How silly of me.

No, I guess you didn't claim that about yourself. You made some claim
about "serious developers" and I inferred that you were self-classifying
as one. You did not even explicitly say that you were a "serious

I'm not that concerned with whether I myself am a "serious developer". I
have some good work habits and some not so good ones. I usually get the
job done. I do not have infinite patience when it comes to rooting
around in docs though. I would venture to say that most people don't. 

> > Look, I don't want to argue with you. You suffer from the same disease
> > and, judging by what you're saying, you're a far worse gone case.
> Why, thank you. How nice of you. And constructive.

You seem to be trying to be more reasonable now. I am trying too, so
I'll retract that.

> > I did overreact to Geir. I was not in a good mood. I had a good night's
> > sleep and feel more conciliatory. Look, overall, Geir is basically a
> > good guy and he's right to keep trying to improve the documentation. But
> > to think that everybody always reads the docs thorougly is outright
> > silly. I don't think such nonsense should be encouraged.
> You did indeed overreact.
> Not in a good mood? You mean you are in a better
> mood now? I would say that your accusation of me
> suffering from some disease and being a "worse
> gone case" is not a sign of being in a good mood.
> Geir is indeed a nice guy, as far as I have seen.

Yeah, actually he seems okay. He is enthusiastic about Velocity and is
putting a lot of work into it and that's good. Actually, he probably is
more receptive to input than is readily obvious. He seems to spend huge
energy justifying -- in cases, where somebody is not even making a
criticism. I *never* said that the template encodings didn't work, yet
he has repeatedly responded, as if I had indeed said that! I find it

> I did not, nor did anyone else, suggest thet everybody
> should, or does, read the docs _thoroughly_. I did however
> suggest that I, and those I defined as serious developers,
> read the docs to find out how things are supposed to be
> setup for proper usage. Is that too much to ask?

The general gamut of human behavior is what it is and neither you nor I
are going to change it. I think that insisting that something is in the
docs, therefore there's no issue, is naive. The fact that a command in a
makefile must start with a literal tab character and not 4 or 8 spaces
is in the docs somewhere, but I consider that to be pretty broken also.

> Regards,
> David Kinnvall

Jonathan Revusky
available for Java/Delphi/Internet consulting
If you want to...
- make your .class files double-clickable with SmartJ
- do Delphi/Java mixed programming with easy-to-use JNI wrapper classes
- build robust web applications with the Niggle Application Framework
check out the Revusky Hacks Page:

View raw message