I am somehow a little confused by some of the comments... pls see inlined

On 5/23/06, Frank W. Zammetti <[EMAIL PROTECTED]> wrote:
> On Tue, May 23, 2006 2:57 pm, Ian Roughley wrote:
> > Joe thought that a Struts2
> > creator that could read existing Struts2 configuration files, and
> > expose a package would be fairly simple to do.  This would avoid
> > additional configurations.
>
> So by default all the Actions would be exposed as, in essence, service
> endpoints, in this package?  I'm not sure I like that, sounds like a
> potential security nightmare.  Or would you still have to enable what can
> be accessed?  If you have to still write config to enable things anyway,
> I'm not sure how much it would save.  I'd like to hear more about how Joe
> envisions this working.


Not sure why it would be a security nightmare, because the actions are
already there, so somebody wanting to call them will however have
access to them. Now, it falls to the way you write your actions: are
they safe-written, then try and call me.
I am getting the feeling I am missing something :-(.


> I think anyone that makes an Ajax call to retrieve tooltip text is
> inherently evil :) LOL  I kid, I kid.  Seriously though, it's very easy to
> abuse Ajax and wind up with a server ground to its knees when the load
> gets high enough.  Even though each Ajax request is generally smaller and
> easier to generate on the server resource-wise than a full page refresh, I
> think it is good to try and dissuade people from doing things like getting
> tooltip text from the server as a best practice, and therefore not
> providing things in the framework that makes it too easy.  After all, if
> you're going to use JavaScript to retrieve a tooltip, why not just have it
> on the client and generate it there?  It's script either way.


I am not sure how using Ajax can bring your server down. As you say,
Ajax calls are generally smaller, and I cannot see a way how you can
stop a bad developer from taking his tooltips from the server if he
really wants it. This is something that I think is called good
practice, and as we already know there will always be guys that are
not following it.

cheers,

./alex
--
:Architect of InfoQ.com:
.w( the_mindstorm )p.
