<unrelated>I would really like to see [EMAIL PROTECTED]</unrelated>
With the view related security issues that have arrisen, we have to look at some realities of development and deployment. They have some potentially conflicting concerns.
This reminds me of a discussion back in september (see [1]) about running modes. Some of the concerns you address can be solved by having various components adapt their behaviour depending if Cocoon runs in development mode or in deployment mode, and thus providing more "unsecure" features at development time while being more strict at deployment time by just changing a flag in a configuration file.
Sylvain
[1] http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=103175546321320&w=2
-- Sylvain Wallez Anyware Technologies http://www.apache.org/~sylvain http://www.anyware-tech.com { XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
