At 08:35 PM 5/16/01, Jon wrote:
>Also, there is a reason for the #foreach...
>
><http://jakarta.apache.org/velocity/ymtd/ymtd-hosting.html>

Jon,

I agree with most of your points. I am a new Velocity user and I am very
impressed by its combination of power and simplicity. Reading/writing XSLT
specs is an exercise in masochism.

However, I don't see how Velocity is really avoiding the fundamental
problem described in the document you referenced. If you are an ISP hosting
Velocity-based pages, you are certainly going to have to let that 14-year-old
kid install both templates and class files; templates by themselves
won't accomplish much. So the incompetent or malicious client can easily
make the same mistake in his Command class that he would have made in the
JSP page, and therefore also create a DOS attack on all servlets hosted in
that JVM. No?

-------------------------------------------------------------
Dennis Doubleday email: [EMAIL PROTECTED]
yourfit.com, Inc. web: http://www.yourfit.com/