On Mon, Aug 9, 2010 at 11:14 AM, Amila Suriarachchi <am...@wso2.com> wrote:
> > > On Mon, Aug 9, 2010 at 10:33 AM, Afkham Azeez <az...@wso2.com> wrote: > >> This is more about good encapsulation at the component level. The >> component author should consciously decide which classes are bundle-local & >> which should be part of the API provided by the bundle. Having said that, >> I've seen a lot of code where attributes that should have private scope, >> have been declared in package-local scope! As best practice, it is always >> good to start with typing in the scope of the attribute, and then the class >> name. I have created autocompletion shortcuts such as pvt (private) & pub >> (public) which lets me define the scope in less than a second. > > > > If we do this correctly we need to move the internal/external after top > level package name. > > eg. > org.wso2.carbon.event.cep.core.internal > org.wso2.carbon.event.cep.core.external > > and all the other package structures should go under it. > > -1. This is not at all what I am suggesting. > But I think better it is enough to move the externally accessible classes > into external package. And use others as it is. This may improve the > readability of the code since any one accessing a particular component only > has to look in to external package classes. > > At least in theory components should be decoupled and should be cohesive. > Therefore a component should only have a small set of interfaces which it > use to communicate with others and implementation classes should be local to > that component. > > thanks, > Amila. > > > >> >> Azeez >> >> >> On Mon, Aug 9, 2010 at 12:15 AM, Sumedha Rubasinghe <sume...@wso2.com>wrote: >> >>> I think we need to have this type of security checks in the unit tests >>> that use CarbonContext. This is one place where malicious code can get into >>> a running system. >>> >>> /sumedha >>> >>> >>> >>> On Sun, Aug 8, 2010 at 5:59 PM, Sameera Jayasoma <same...@wso2.com>wrote: >>> >>>> +1. We've faced many security issues, due this exposure of internal >>>> packages. One such good example is, never expose your BundleActivator. It >>>> might be keeping references to your BundleContext and the BundleContext >>>> should never be shared with any other bundle. >>>> >>>> Sameera >>>> >>>> On Fri, Aug 6, 2010 at 8:53 AM, Afkham Azeez <az...@wso2.com> wrote: >>>> >>>>> Folks, >>>>> We haven't been paying proper attention to bundle internal vs. external >>>>> classes. This is evident by the fact that most of our internal packages >>>>> contain only a few classes. Most of the classes are related to the bundles >>>>> internal implementation and hence should not be exposed to outside >>>>> bundles. >>>>> In the future, please make it a point to place your bundle private classes >>>>> within subpackages of the internal subpackage as shown in the example >>>>> below. >>>>> >>>>> >>>>> e.g. >>>>> org.wso2.stratos.permission.update.internal.task.PermissionUpdaterTask >>>>> >>>>> If you look at most of our components, you will notice that a >>>>> significant number of them should have only internal package. Please >>>>> follow >>>>> this when developing bundles in the future & also feel free to fix this in >>>>> existing bundles. >>>>> >>>>> Thanks >>>>> -- >>>>> Afkham Azeez >>>>> Senior Software Architect & Senior Manager; WSO2, Inc.; >>>>> http://wso2.com, Lean . Enterprise . Middleware >>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>> email: az...@wso2.com cell: +94 77 3320919 >>>>> blog: http://blog.afkham.org >>>>> twitter: http://twitter.com/afkham_azeez >>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> Carbon-dev@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Sameera Jayasoma >>>> Technical Lead >>>> WSO2, Inc. (http://wso2.com) >>>> email: same...@wso2.com >>>> blog: http://tech.jayasoma.org >>>> >>>> Lean . Enterprise . Middleware >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> Carbon-dev@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> Carbon-dev@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> >> -- >> Afkham Azeez >> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, >> Lean . Enterprise . Middleware >> Member; Apache Software Foundation; http://www.apache.org/ >> email: az...@wso2.com cell: +94 77 3320919 >> blog: http://blog.afkham.org >> twitter: http://twitter.com/afkham_azeez >> linked-in: http://lk.linkedin.com/in/afkhamazeez >> >> _______________________________________________ >> Carbon-dev mailing list >> Carbon-dev@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Afkham Azeez Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, Lean . Enterprise . Middleware Member; Apache Software Foundation; http://www.apache.org/ email: az...@wso2.com cell: +94 77 3320919 blog: http://blog.afkham.org twitter: http://twitter.com/afkham_azeez linked-in: http://lk.linkedin.com/in/afkhamazeez
_______________________________________________ Carbon-dev mailing list Carbon-dev@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
