I am somehow a little confused by some of the comments... pls see inlined
On 5/23/06, Frank W. Zammetti <[EMAIL PROTECTED]> wrote:
On Tue, May 23, 2006 2:57 pm, Ian Roughley wrote: > Joe thought that a Struts2 > creator that read could read existing Struts2 configuration files, and > expose a package would be fairly simple to do. This would avoid > additional configurations. So by default all the Actions would be exposed as, in essence, service endpoints, in this package? I'm not sure I like that, sounds like a potential security nightmare. Or would you still have to enable what can be accessed? If you have to still write config to enable things anyway, I'm not sure how much it would save. I'd like to hear more about how Joe envisions this working.
Not sure why it would be a security nightmare, because the actions are already there, so somebody wanting to call them will however have access to them. Now, it falls to the way you write your actions: are they safe-written, than try and call me. I am getting the feeling I am missing something :-(.
I think anyone that makes an Ajax call to retrieve tooltip text is inherently evil :) LOL I kid, I kid. Seriously though, it's very easy to abuse Ajax and wind up with a server ground to its knees when the load gets high enough. Even though each Ajax request is generally smaller and easier to generate on the server resource-wise than a full page refresh, I think it is good to try and dissuade people from doing things like getting tooltip text from the server as a best practice, and therefor not providing things in the framework that makes it too easy. After all, if your going to use Javascript to retrieve a tooltip, why not just have it on the client and generate it there? It's script either way.
I am not sure how using Ajax can bring your server down. As you say, Ajax calls are generally smaller, and I cannot see a way how you can stop a bad developer to not take his tooltips from the server if he really wants it. This is something that I think is called good practice, and as we already know there will always be guys that are not following it. cheers, ./alex -- :Architect of InfoQ.com: .w( the_mindstorm )p. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]