Re: [Actionframework-users] Proposals for 0.94
Status: Inactive
Brought to you by:
ptoman
Menu
▾
▴
Re: [Actionframework-users] Proposals for 0.94
|
From: David W. <da...@su...> - 2002-08-09 22:53:14
|
Petr, Some rather delayed comments on your 0.94 proposals, I have ignored items where I have no comment. > [ ] enable passing of all HTTP parameters (= put everything to Context) Yes, providing they are in a special namespace. This avoids the big security hole found in php where a cracker could submit variables you were not expecting. > [ ] allow <on-exception>s common to all components Yes please > [ ] add new <on-new-session> element - allowing 'show-url' redirect > (ensure $SERVLET, $URL and $REQUEST are set before processing it!) Yes please > [ ] implement <pre-condition>s - example: yes please, although personally I would still prefer a way of defining separate actions for get/post and secure/insecure as I think these are so common and using preconditions will make the actionservlet seem more complicated. > [ ] allow evaluation of 'show-url' directly, not only via > <output-variable> yes please > [ ] put $REQUEST (of type HttpServletRequest) to Context - like $SERVLET yes please, but can we put all these things into a single namespace in the Context for security and lack of potential conflicts. > [ ] examples configuration + out-of-box ant task for Jetty Good. Thanks for all this. We are going well with ActionServlet at the moment with Mandip churning out production quality code nice and quick. Erik has also been working on our generic "framework" for all our projects using ActionServlet, Velocity, Jrf and a few home grown standards. Regards David PS Sorry for the flood of emails, just trying to clear my desk before holidays. -- David Warnock, Sundayta Ltd. http://www.sundayta.com iDocSys for Document Management. VisibleResults for Fundraising. Development and Hosting of Web Applications and Sites. |
