Janne Jalkanen wrote:

On 21 Jan 2008, at 21:05, Andrew Jaquith wrote:

I cannot imagine a class with more security implications than
AuthorizationManager (or AuthenticationManager), can you? :)

[...]

Having said that, I'm all for having a proper developer API and
correctly designed extension mechanisms, and use cases and plans and
roadmaps and releases and requirements management and all that jazz, but
to me it feels somewhat odd to say to an open source hacker that "you
can't extend it because we want you to extend only things that we have
decided to be extensible."

Janne,

But it might be remarked that people (including myself) have been able
to extend and embed JSPWiki without this modification. I've been doing
it for several years now, and while my methods have changed it's
certainly possible without hacking so deeply. I tend to agree with
Andrew, i.e., not mess with security unless necessary, and this isn't
(to my understanding) necessary in the core code. Yes, if someone wants
to hack it, let *them* remove the 'final' declarations.
Murray
...........................................................................
Murray Altheim <murray07 at altheim.com>
http://www.altheim.com/murray/
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk
Boundless wind and moon - the eye within eyes,
Inexhaustible heaven and earth - the light beyond light,
The willow dark, the flower bright - ten thousand houses,
Knock at any door - there's one who will respond.
-- The Blue Cliff Record