I wrote a test script, and assuming (which the docs say it does) that
Velocity uses the iterator() instead of elements() when it runs up
against a vector, then all is well. If elements() is used, it goes into
infinite loop land. My mistake.
-----Original Message-----
From: Jef Newsom
Sent: Friday, May 18, 2001 11:44 AM
To: [EMAIL PROTECTED]
Subject: RE: Jasper performance
It isn't concurrent.
-----Original Message-----
From: Geir Magnusson Jr. [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 18, 2001 10:52 AM
To: [EMAIL PROTECTED]
Subject: Re: Jasper performance
Jef Newsom wrote:
>
> Velocity does do a lot to minimize the risk you mention, but while
we're
> using stupid coding tricks, couldn't you do the following in Velocity?
>
> #* assume strings is a Vector *#
> #set ($strings = $request.getParameter("strings")))
> #foreach ($string in $strings)
> $strings.addElement($string.clone());
> #end
Good try :)
Assuming it is a Vector, I am pretty convinced that wouldn't work
because you will get a ConcurrentModificationException when you modified
the Vector.
geir
> -----Original Message-----
> From: Geir Magnusson Jr. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 18, 2001 8:50 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Jasper performance
>
> Dennis Doubleday wrote:
> >
> > At 07:51 AM 5/18/01, Geir wrote:
> >
> > >Those aren't comparable, 'Velocity templates' and 'general purpose
> > >servlet container', because Velocity is just a template tool - you
> still
> > >need the servlet and servlet container.
> >
> > That was exactly my point when I said Velocity doesn't really do
> anything
> > to prevent DOS attacks, either. Any Velocity app requires a servlet
> > back-end, and if I'm going to host user apps, I'm going to have to
let
> them
> > install servlets, in which case they can put in the same
ever-looping
> code.
> >
>
> Definitely. Agreed. There is no silver bullet.
>
> I guess the point is that you remove a little of the risk, as a
designer
> can't
>
> <% while(true); %>
>
> (although as JSP compilers get better, I am sure this stuff can be
found
> and flagged...)
>
> This is not intended to disparage designers : it's just a different
> talent set. My use of color has been described as dangerous,
bordering
> on criminal :)
>
> geir
>
> --
> Geir Magnusson Jr. [EMAIL PROTECTED]
> System and Software Consulting
> Developing for the web? See http://jakarta.apache.org/velocity/
> "still climbing up to the shoulders..."
--
Geir Magnusson Jr. [EMAIL PROTECTED]
System and Software Consulting
Developing for the web? See http://jakarta.apache.org/velocity/
"still climbing up to the shoulders..."
