On Fri, 5 Apr 2002, Nicola Ken Barozzi wrote: > Here is a short but insightful explanation of why Avalon decided to make > Logkit, and the reasons for using IOC (inversion of control) in logging: > > http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=101014079017326&w=2
"Insightful" ??? I hope you are kiding. There is no extra security, configurability or performance you get 'magically' by using one aproach or the other. Sandbox is the only thing that gives you real security - anything else is just a dangerous ilusion. Commons-logging and log4j provide application insolation - no other application can use or see your log ( by conventional means, if you don't have a sandbox anything in the VM is completely unprotected anyway ) I find the claims that by using one programming technique you'll get a more 'secure' application extremely dangerous and misleading. If you don't use the sandbox, there is _no_ protection against hacked code. NONE. If you use a sandbox and you understand a bit java security - it's pretty easy to get the same insolation regardless of the pull/push model. Besides, commons-logging allow you to switch the logger any time you want, so that's not a problem. That's the whole point. Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
