[jira] [Commented] (DMAP-54) Improve Console example

Sat, 03 Jan 2015 04:58:03 -0800 

    [ 
https://issues.apache.org/jira/browse/DMAP-54?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14263523#comment-14263523
 ] 

Werner Keil commented on DMAP-54:
---------------------------------

Please note, there is a rift between "Console example", which this ticket is 
actually about and classifier.Main class which your diff file tells is about.

There is one of 5 examples I also demonstrated at selected events 
 org.apache.devicemap.example.console.Example which I made usable based on an 
early draft (see related ticket) 

However, there is also the classifier.Main class. IMHO mixing these 2 in a 
single (monolithic) project is another short-sighted hack. The client should 
not necessarily expose a "command line console" at least not in the same JAR, 
since it'll always be inseparable and nothing prevents either a legitimate user 
or hacker who gained access to a server from using this command line client 
within the library JAR. There are numerous large companies, especially banks, 
etc. where this is an absolute NO-GO, while a separate JAR (doesn't have to be 
called "example") would be fine. Even if access to the resource files may be 
read only as it's currently the case with DeviceMap, a hacker or malware could 
still run DOS attacks by executing batch scripts with millions of UAs against 
this tool, while inside proper containers their security managers usually 
prevent this. All of these so called "Java viruses" affected SE and parts that 
run standalone or at least via Applet. 

So aside from poor design by putting everything into a single JAR and module it 
poses a security loophole.
Beside this security aspect, do you plan to maintain a command line and command 
line example separately if they not only access the same client JAR but do 
pretty much the same thing?

> Improve Console example
> -----------------------
>
>                 Key: DMAP-54
>                 URL: https://issues.apache.org/jira/browse/DMAP-54
>             Project: DeviceMap
>          Issue Type: Task
>          Components: Java Client, Java Examples
>            Reporter: Werner Keil
>            Assignee: Werner Keil
>              Labels: console, example
>             Fix For: 1.0.0 Java Examples
>
>         Attachments: cmd.diff
>
>
> Pass UA parameter to override the default if provided



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to