+1, go ahead...
Bye, Norman 2009/9/7 Robert Burrell Donkin <[email protected]>: > On Sun, Sep 6, 2009 at 11:50 AM, Robert Burrell > Donkin<[email protected]> wrote: >> the Service method in ValidRcptHandler[1] contains >> >> if (tableName == null || tableName.equals("")) { >> table = (VirtualUserTable) arg0.lookup(VirtualUserTable.ROLE); >> } else { >> table = ((VirtualUserTableStore) >> arg0.lookup(VirtualUserTableStore.ROLE)).getTable(tableName); >> } >> >> this raises questions about injection >> >> AFAICT VirtualUserTable.ROLE is only used for ValidRcptHandler >> >> IMHO it would have been more nature for the table name check to be >> performed in VirtualUserTableStore[2], with the default returned when >> null or empty string is passed to getTable. this would allow >> VirtualUserTableStore to be injected and used in any case. >> >> opinions? > > objections? > > - robert > >> - robert >> >> [1] >> http://james.apache.org/server/head/xref/org/apache/james/smtpserver/core/filter/fastfail/ValidRcptHandler.html >> [2] >> http://james.apache.org/server/head/xref/org/apache/james/api/vut/VirtualUserTableStore.html >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
