Dennis Doubleday wrote:
>
> At 07:51 AM 5/18/01, Geir wrote:
>
> >Those aren't comparable, 'Velocity templates' and 'general purpose
> >servlet container', because Velocity is just a template tool - you still
> >need the servlet and servlet container.
>
> That was exactly my point when I said Velocity doesn't really do anything
> to prevent DOS attacks, either. Any Velocity app requires a servlet
> back-end, and if I'm going to host user apps, I'm going to have to let them
> install servlets, in which case they can put in the same ever-looping code.
>
Definitely. Agreed. There is no silver bullet.
I guess the point is that you remove a little of the risk, as a designer
can't
<% while(true); %>
(although as JSP compilers get better, I am sure this stuff can be found
and flagged...)
This is not intended to disparage designers : it's just a different
talent set. My use of color has been described as dangerous, bordering
on criminal :)
geir
--
Geir Magnusson Jr. [EMAIL PROTECTED]
System and Software Consulting
Developing for the web? See http://jakarta.apache.org/velocity/
"still climbing up to the shoulders..."