Serge Knystautas wrote:
>
> Stefano Mazzocchi wrote:
> > You guys seem to fail a simple programming practice that is used to
> > "defend" yourself from such API abuses: make the Mail constructors and
> > all the methods you don't want the mailet to mess with private.
> >
> > If you need another instance, then you pass thru a factory but you need
> > to get the instance of the factory and this instance is provided to you
> > if you are entitled to do this job.
> >
> > I still don't get it.
>
> There's nothing wrong with the Mail constructor or hidden methods
> getting called. The problem is the notion you suggested of having the
> MailServlet/Mailet service method return a Mail object. We don't care
> about creating extra instances... any of restrictions. My point is if
> you make the API,
>
> public Mail service(Mail mail)
>
> then a servlet can return a new instance of a Mail object to the middle
> of the processing pipe (which I think is bad),

No, you can't if you close up "new Mail()" and all the other
constructions by making them not accessible from the mailet.

> and then you'll also have
> people wanting,
>
> public Mail[] service(Mail mail)
>
> (we've already had requested and discussed issues like this).

Yes, they request it and we say "no way, do it smartly" and we tell them
how to do it :)

> A servlet
> is completely within its rights to construct 500 Mail objects...
> but they should have to add that to the top of the spool (using a
> provided API call), not by returning it from the service method.

Totally agreed. Just don't get why my proposal is against your idea.

> Ok, I just had another really bad idea... do we want to apply a special
> security manager to MailServlets/Mailets that restrict what they can do
> (send X many messages, view only this part of the harddrive, not access
> any parts of the network). I remember long ago they tried to apply
> security manager restrictions to servlets, and that failed because
> people wanted complete control. Again, something to table for a while,
> but maybe we can bring it up again later. Then an admin can add mail
> servlet components and know they won't abuse the system.

A mailet security manager is something that will be needed, but let's not
think about it for now. The method restriction is about API design, not
security restrictions.

--
Stefano Mazzocchi <[EMAIL PROTECTED]>
"One must still have chaos in oneself to be able to give birth to a
dancing star." Friedrich Nietzsche
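
The design discussed in this message (closed-off Mail construction, a factory handed only to entitled mailets, and new mail entering at the top of the spool instead of being returned from the service method), as an added sketch that is not code from this thread or from the project. MailCore, MailFactory, sendToSpool, Notifier and Demo are hypothetical names, and nested-class private access stands in for package visibility so the sketch fits in one file.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical container core: private members here are out of reach of mailets.
final class MailCore {
    static final class Mail {
        final String recipient, body;
        private Mail(String recipient, String body) { this.recipient = recipient; this.body = body; }
    }

    // Capability object: only the container can create one and decide who receives it.
    static final class MailFactory {
        private final Deque<Mail> spool;
        private MailFactory(Deque<Mail> spool) { this.spool = spool; }
        // New mail enters at the top of the spool, never in the middle of the pipe.
        void sendToSpool(String recipient, String body) { spool.addFirst(new Mail(recipient, body)); }
    }

    interface Mailet {
        // Returns void, so a mailet cannot hand a replacement Mail back into the pipeline.
        void service(Mail mail, MailFactory factoryOrNull);
    }

    // Runs one mailet over a spool holding one constructed sample message; returns mails processed.
    static int run(Mailet mailet, boolean entitled) {
        Deque<Mail> spool = new ArrayDeque<>();
        spool.add(new Mail("user@example.org", "hello"));
        MailFactory factory = entitled ? new MailFactory(spool) : null;
        int processed = 0;
        while (!spool.isEmpty() && processed < 10) { // hard cap as a simple abuse guard
            mailet.service(spool.poll(), factory);
            processed++;
        }
        return processed;
    }
}

// A mailet lives outside MailCore, so "new MailCore.Mail(...)" does not compile here.
final class Notifier implements MailCore.Mailet {
    public void service(MailCore.Mail mail, MailCore.MailFactory factory) {
        if (factory != null && !mail.recipient.startsWith("postmaster@")) {
            factory.sendToSpool("postmaster@example.org", "copy of mail for " + mail.recipient);
        }
    }
}

public class Demo {
    public static void main(String[] args) {
        System.out.println("entitled mailet, mails processed: " + MailCore.run(new Notifier(), true));
        System.out.println("unentitled mailet, mails processed: " + MailCore.run(new Notifier(), false));
    }
}
```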