Glenn Nielsen wrote:
>
> Jon Stevens wrote:
>
> > There is no amount of security that will prevent someone from putting that
> > into their JSP page other than disabling the ability to put scriptlets into
> > things. If you do that, then you are simply where you should have been in
> > the first place...using Velocity.
> >
>
> Yes, but using Velocity templates limits a great deal what customers
> can do when compared to a general purpose servlet container where
> web applications can be deployed.

Those aren't comparable, 'Velocity templates' and 'general purpose
servlet container', because Velocity is just a template tool - you still
need the servlet and servlet container.

I am sure you understand this, but wanted to keep things clear for
others that get confused when we say 'template engine' when talking
about Velocity - it's just a 'toolkit' you can use in your webapps in
your favorite servlet environment (Tomcat, of course...)

> There is a great deal more to
> security than just preventing a 'trusted user' who can publish content
> from doing something stupid. Nowhere in your YMTD document do I see
> anything about security, just your reference above to a trusted user
> DoS. Heck, if one of my customers wants to use Velocity, they can do
> so if it can be deployed as a web application, but it will have to
> run within the security policies we set for the Tomcat Java SecurityManager. ;-)

Maybe it wasn't clear to you then - yes, it can be deployed in a web
application just like any other bit of Java code.

I encourage you to take a few minutes and just look it over. We offer
decent documentation and examples, both for web use and non-web use.

While I am pretty certain you aren't going to foreswear JSP, it's
certainly an interesting alternative, and has plenty of non-web uses as
well for code, text, SQL generation, static HTML page generation, etc...

geir

--
Geir Magnusson Jr. [EMAIL PROTECTED]
System and Software Consulting
Developing for the web? See http://jakarta.apache.org/velocity/
"still climbing up to the shoulders..."