velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <>
Subject Re: [OT] Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Date Thu, 26 Sep 2002 21:38:16 GMT
I have promised not to use Tomcat-Dev for this, so I'm answering
privately and I'm sending a CC to Velocity-User list, where it belongs.

Nobody is treating users as stupid. Where are you getting the ideas
about me treating anyone as stupid from? I know it's hard for you to
understand because you're a brilliant programmer, but there a people out
there that can do great things with the look of the site, but
programming is not their thing - they are not stupid because of that.
And those people are web designers. IMHO, they play a very important
role in shaping a web application. If it doesn't look good, clients
won't like it.

However, they cannot be expected to understand a programming language of
Java's complexity. That's the job for the programmers.

Velocity is not taking away any power from anyone. It is just placing it
in the correct place. In the controller and model, where it should be.
I, for one, am sometimes both the web designer (and pretty poor at it
too) of some of my clients sites and the programmer. None of the power
of Java is out of my reach. As I said, it's sitting in the controller
and the model.

I don't feel I have to convert anyone to anything. But, when people ask
direct questions, I give them direct answers. And that is - JSP are
simply a bad idea. This doesn't mean you can't write great applications
with them - quite the contrary. If you know what you're doing, you can
write great web applications in assembler, if you don't mind vomiting a
lot ;-)


On Thu, 2002-09-26 at 16:36, Costin Manolache wrote:
> Bojan Smojver wrote:
> > Quoting Bill Barker <>:
> > 
> >> I'm agreeing with Costin.  Please move this discussion to
> >>  It is off-topic here.
> > 
> > Promise not to write a single byte on this topic on Tomcat-Dev list after
> > this e-mail.
> Please don't missunderstand this - I have nothing against velocity, it 
> is a nice tool ( I like the introspection/bean EL - I hope the jsp el
> will be close and I'm following the developments in commons ).
> There are many cases where its simplicity is a benefit, and 
> for standalone use jsp can't be used. 
> The problem is - this list is for servlet and jsp development.
> And I personally don't like the idea of treating the users
> ( web developers or not ) as stupid that shouln't have powerfull
> tools because they may do bad things.
> If you feel a need to convert people to velocity - I sugest you
> subscribe to Perl and PHP mailing lists ( and maybe ASP ? ). Maybe
> they'll apreciate this kind of arguments :-)
> Costin
> > 
> > Bojan
> > 
> > -------------------------------------------------
> > This mail sent through IMP:
> -- 
> Costin
> --
> To unsubscribe, e-mail:   <>
> For additional commands, e-mail: <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message