velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paulo Gaspar" <paulo.gas...@krankikom.de>
Subject RE: Sick of pointless arguments on this list WAS: template encodings
Date Tue, 17 Jul 2001 17:05:49 GMT
Cool down Jonathan:

You do not have to agree with "us" and "we" do not have to agree with you.

This list supports multiple opinions!
=;o)

Have fun,
Paulo Gaspar


> -----Original Message-----
> From: revusky@jr.revusky.com [mailto:revusky@jr.revusky.com]On Behalf Of
> Jonathan Revusky
> 
> 
> "Geir Magnusson Jr." wrote:
> > 
> > Does this mean I can't respond to the last message from Jonathan?  :)
> 
> You don't need to, Geir. I've slept on it and I've decided that you guys
> are right.
> 
> template = Velocity.getTemplate("C:\\mytemplates\\mysillytemplate");
> 
> should not work out-of-the-box. People should have to read the
> documentation and figure out how to change the configuration. After all,
> if people could get it working without reading docs at all, then all the
> hard work you put into the documentation would be wasted!
> 
> But more importantly, things should not work too easily for people. You
> see, though some people may not realize it, the goal of software
> development is not really to develop software. That is merely a side
> effect. The goal is really to build character. If things work too
> easily, then people get lazy. On the other hand, when things are more
> difficult and they have to figure out configuration files and things to
> get a simple example working, they suffer a little bit, and that's
> character-building.
> 
> Also, letting people read a template file from an absolute path is a
> security hole. I am still not sure why, but you've said it enough times,
> and you're really smart guys, so I'm convinced that it must be true. You
> may not see much of me for a while. I will probably be on various
> discussion lists for libraries with API's that can take an absolute
> filename as an argument. I will be spreading the word that this is a
> huge security risk in and of itself and that these libraries should have
> the same defaults as Velocity.
> 
> > 
> > geir
> > 
> > --
> > Geir Magnusson Jr.                           geirm@optonline.net
> > System and Software Consulting
> > Developing for the web?  See http://jakarta.apache.org/velocity/
> > You have a genius for suggesting things I've come a cropper with!
> 
> -- 
> Jonathan Revusky
> --
> available for Java/Delphi/Internet consulting
> If you want to...
> - make your .class files double-clickable with SmartJ
> - do Delphi/Java mixed programming with easy-to-use JNI wrapper classes
> - build robust web applications with the Niggle Application Framework
> then...
> check out the Revusky Hacks Page: http://www.revusky.com/hacks/
> 

Mime
View raw message