On 10/12/01 10:53 AM, "Terry Steichen" <[EMAIL PROTECTED]> wrote:
> I see what I think is a potential problem with using Velocity in a product > (commercial or open-source) designed to be used and extended by others. While > VTL makes extension by users about as easy as it gets, if you also use VTL for > the core parts of the product, it is possible that a user will inadvertently > mess them up, making the product fail to properly operate. This kind of > customer support problem might be very, very difficult to track down. > > Any thoughts, reactions? Sure - you can put your templates in a jar and have them loaded from there. See the section on resource loader (look for ClasspathResourceLoader) in the developer guide. Now, this isn't 100% perfect, as a user can always unpack the jar, modify the templates, and rebuild the jar. However, this wouldn't be accidental.... If you are paranoid, you can always do a checksum on your template jar :) > > Regards, > > Terry Steichen > > PS: Are there any plans for allowing templates to selectively be 'compiled'? There are two takes on this. There is a belief that compiling to Java bytecode would make it faster. (I don�t' really believe this). We already beat JSP :) The second is that you could serialize the parsed representation of the template, and put that into a jar for the purpose of template security (among other things) That adds some very interesting version compatibility issues, with limited upside (I think). It's easy to write your own loader - so you could do all sorts of wacky things like encrypt your template jar, and only your loader would be able to untangle it. Or digitially sign the template jar, so your loader would know if it was tampered with... geir -- Geir Magnusson Jr. [EMAIL PROTECTED] System and Software Consulting You're going to end up getting pissed at your software anyway, so you might as well not pay for it. Try Open Source.
