velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anders Lindback <and...@igiro.se>
Subject Re: VelocityViewServlet and velocity.properties
Date Thu, 03 Oct 2002 08:56:21 GMT
Iain Young skrev:
> Hi Gabe,
> 
> >all templates are read relative to the root of the web app. There is
> >currently no way to configure the resource loader differently in
> >velocity.properties. That is maybe something we should add??
> 
> I think that would be a very useful addition as it's very messy having all
> of the vm files in the webapp root (the only place where the current vvs
> will pick them up from), especially as the project I'm working on is likely
> to have a great number of template files. I guess that alternative paths
> could be specified in velocity.properties in the same way as the other
> resource loaders (i.e similar settings to the file loader), and the vvs
> could read them from there?

It's a security problem to store the templates files in the webbapp root directory.
Therefore everyone should create their own servlet anyway. 

Really wish that it's changed so that the servlet shipped are expecting
that templates are hidden in a webbapps subdir to WEB-INF for exmple
web-INF/templates instad as it is now. 

All webbapps based on todays VelocityServlet are most probably a security hole.





--
To unsubscribe, e-mail:   <mailto:velocity-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:velocity-user-help@jakarta.apache.org>


Mime
View raw message