Agree - no security risk, no real downside except cultural. BTW - we used to do this as an elementary form of source control. Crude but effective.
I'm interested - if you're looking to improve reflection, have you found a good parser? The Eclipse parser is excellent, but hard to break out as a standalone thing. I've been learning antlr in my spare time (5 minutes/week) but it is slow going. Jeff Butler On 10/26/07, Clinton Begin <[EMAIL PROTECTED]> wrote: > > Definitely not a security risk...decompilers, decompilers, > decompilers... :-) > > > > But, now it's time to play the card I've been holding back. > > > > Every day, thousands of developers (of well over 50% of web apps) deploy > their source code to their web/app servers in the form of PHP, Perl, Python > and Ruby. Compiling is actually the pain in the ass, not the source code. > > > > In either case, the JAR command in your Ant script can simply include the > source folder to get the Java files to tag along with the class file. Only > people who are not using automated builds will have problems. But those > people should be fired anyway. ;-) j/k...it's just a matter of zipping up > the src and classes folder, or heck, if they're sidestepping best practices > that much, just compile into the source directory and JAR that up. > > > > I don't think that the technology or developer skill that is going to be > the problem here. It's the dogma and bureaucracy that will kill this idea. > > > > Clinton > > > > *From:* Brandon Goodin [mailto:[EMAIL PROTECTED] > *Sent:* October-26-07 10:21 AM > *To:* dev@ibatis.apache.org > *Subject:* Re: Deploying Source Code > > > > I think there would be a couple issues... > > The first is overcoming the stigma of deploying src alongside your > compiled code. The knee jerk reaction is going to be about security. > However, what is humorous about that is that companies regularly expose > their database structures via SQL in xml files or configuration files. > Addtionally, if a company is concerned about intellectual property being > hijacked they should get out of the database business. As soon as you sell a > client your app and install a database for them... the client can see all > the database goodness your app contains. Anyway, I think there are way > bigger security risks than source code being deployed. > > The other issue is going to be for the various build tools out there that > aren't ant or maven. Even with maven it will require some deployment magic. > Heck even a standard compile in IDEA has to be tweaked to get something like > that to occur. So, the amount of effort it takes to get code deployed in > this manner may be a non-starter for many. For that reason I'm not sure *I* > would use it. It's almost as bad as a second compile. > > Brandon Goodin > > On 10/26/07, *Clinton Begin* <[EMAIL PROTECTED]> wrote: > > You've caught me...and you're the perfect person to have done so. I am > indeed thinking of enhanced runtime reflection. See if Java reflection > was > complete, this wouldn't even be a discussion. Certainly in C# land it is > not. > > There's two reasons: 1) parameter names as you've guessed, 2) Comment > block > processing because Java has no multiline strings. Again, in C# this isn't > a > problem because C# Attributes are much cleaner than Java annotations, they > > have multiline strings and they can introspect on parameter names (James > Gosling, are you listening? Or farting around with NetBeans?) > > GWT is nice, but I hate having to "compile" or "generate" > code. Blech. The > code is written, why do I want anymore? :-) So if we did support > something > like: > > public native Employee getEmployee(int id) /*-{ > SELECT * FROM EMPLOYEE WHERE ID = ${id} > }-*/; > > I would not want to generate yet another artifact (probably XML) at build > time. I personally hate that. So why not just deploy the source? It's > the > easy and natural thing to do. And I love the fact that it still compiles! > > My biggest concern is that there are some companies that are kind of > strict > in the sense that they believe this is a security risk, which I believe is > totally false. However, I could understand to some degree that developers > of desktop apps would not want to do this if they have IP/legal issues > with > handing out their source code. > > But then again, that's why we have multiple solutions right? ;-) > > Cheers, > Clinton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of > Larry Meadors > Sent: October-26-07 8:26 AM > To: dev@ibatis.apache.org > Subject: Re: Deploying Source Code > > I used to do that, but looking at it now, I am asking "What's the cost > and what's the value?". > > The cost in terms of disk is negligible these days - You can't buy a > drive <120GB these days, so what's a few hundred KB, or even a few MB > on disk? Especially compared to the 80MB of struts or spring? > > I'm not sure how class loaders deal with this, I suspect if they load > a jar, they load all of the resources, not just what's needed. That > *could* be a bit more costly in terms of startup time, and free memory > for the application, but again, sheesh, when you have 4-8GB of RAM in > a server, what's a few K here and there? I suspect you'll leak more > than that running firefox. ;-) > > The value seems kind of iffy. I guess if you wanted to use embedded > comments for runtime code generation, this is the only real way to do > that. But IMO, since we have annotations, that's not a great idea. It > might help overcome some of Java's retarded reflection limitations > (who needs parameter names, anyway?), but again - an annotations can > do that, too. > > My gut reaction is that it's not a good idea, but I can't really > quantify why. :-) > > Larry > > > On 10/26/07, Clinton Begin <[EMAIL PROTECTED] > wrote: > > > > > > > > > > I mean deploying your .java files to production alongside your .class > files > > and having it available on the classpath at runtime. > > > > > > > > com/yourdomain/yourapp/SomeClass.java > > > > com/yourdomain/yourapp/SomeClass.class > > > > > > > > I hope that's more clear. > > > > > > > > Clinton > > > > > > > > > > > > > > > > From: agodinhost [mailto:[EMAIL PROTECTED] > > Sent: October-26-07 6:17 AM > > To: dev@ibatis.apache.org > > Subject: Re: Deploying Source Code > > > > > > > > > > > > I donĀ“t know if I really understood what you mean. > > > > > > > > > > > > If you are just talking about the iBates part of code, to give a more > > examples, it is okay. > > > > > > But if you are talking about the whole application this can be a > > nightmare!!! > > > > > > > > > > > > Please, explain better your idea. > > > > > > > > > > > > Woody > > > > > > > > ----- Original Message ----- > > > > > > From: Clinton Begin > > > > > > To: dev@ibatis.apache.org > > > > > > Sent: Thursday, October 25, 2007 11:41 PM > > > > > > Subject: Deploying Source Code > > > > > > > > > > What does anyone/everyone think of deploying their Java source code with > > > their application? > > > > > > > > Thoughts, ideas, fears, absolutely not??? > > > > > > > > Why? > > > > > > > > Cheers, > > > > Clinton > > >
