On 04.07.2013, at 14:56, Carsten Ziegeler <[email protected]> wrote:
> Adding this - maybe as an optional service - into the resource resolver > makes it also impossible to bypass validation - the validation is always > done regardless whether the changes are done through the post servlet, any > other servlet, or some server side code running in the background. We should be careful with the imposed new processing overhead of this. There needs to be control over it, and IMO an active whitelisting for which validators (i.e. resource types) this would happen and when. And the simplest way to do that is to have custom application code call the validation service (one-liner) themselves and do it automatically only in the post servlet (but also with an option to enable/disable individual validators). Cheers, Alex
