On Mon, Dec 1, 2008 at 9:57 AM, Tim Perrett <[EMAIL PROTECTED]> wrote:
> > Hey David, > > Thanks for the response - I have been reflecting on the whole L2 cache > thing today and kind of came to the same conclusion. If the content > has been served, it might as well be cached in its entirety as a HTML > file so it can then be served by the front end web-server (nginx, > apache etc) and i'll just expire the cache on a ad-hoc basis from the > admin application. > > As for your concerns over security - I agree, it has grounding, but on > the other hand, my plan was to provide a couple of snippets and > document those, things like: > > - list all leaf nodes > - list all nodes > etc, etc > I'd do something different... I'd replicate the Lift tag mechanism, but with your own <cms:xxx/> tags... then you can control which tags get executed. Further, you can enhance the Textile parser to recognize custom tags such that you can allow users to enter a combination of Textile and your mark-up... which will be easier for them. > > I can also then take advantage of the lift localization mechanism - so > all in all, I think the pro's out weigh the cons. Potentially in the > XML page parser I could add a step which checked for the presence of > un-allowed tags (like comet) via some XML DOM checking. Just a thought > anyways :-) > > Cheers > > Tim > > > > On Dec 1, 5:11 pm, "David Pollak" <[EMAIL PROTECTED]> > wrote: > > Tim, > > > > Please remember that Lift's Snippet processing is recursive. Thus, you > > don't really need to hook into the templating system in order to be able > to > > using Lift's templates. For example, if your snippet returned: > > > > <span><lift:comet type="Dog"/><lift:comet type="Cat"/></span> > > > > Lift would then interpret the two comet tags and you'd wind up with two > > comet components on the page. > > > > However, I think it's a security risk to allow arbitrary users to be able > to > > embed <lift:xxx/> tags in their content. This would in effect allow any > > user access to any resource that any snippet has access to. > > > > On the caching front, I'd hand-roll my own caching mechanism. You'll > > probably end up caching all (or almost all) the content. Rather than > doing > > some goofy stuff in SQL trying to do object graph traversals, just do it > in > > objects. You can use immutability and actors to deal with most of the > > concurrency issues. > > > > Thanks, > > > > David > > > > -- Lift, the simply functional web framework http://liftweb.net Collaborative Task Management http://much4.us Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---
