On 8/25/06, Jason Carreira <[EMAIL PROTECTED]> wrote:
>
> Following up to myself: I want to also make it clear
> that I'm not opposed to changing my way of doing
> things, but so far I haven't seen anything that seems
> any better than what I'm doing now. I'm happy to
> explain more about how the ! syntax is used with all
> my forms, so that alternative approaches can be
> proposed to me.
Well, how about a proposal for something that does what you want but meets
people's
security concerns?
Just to step back a moment, let's be clear that the original
suggestion, which stemmed from the "Rough Spots" discussion, was that
we experiment with using wildcards to provide the same functionality
as the "!" syntax. If that experiment provided fruitful, we would
then, only only then, remove the hardwired "!" in favor of a wildcard
solution, that mimicked the same functionality, so that existing pages
did not need to change.
My own initial trial was successful. I was able to substitute a
wildcard for the "!" in a prior revision of the MailReader
application, without changing the server pages. (One exception was a
form that didn't specify an action, but I expect few people do that
now.) Hopefully, others will make the same trial with their own
applications.
If we can use wildcards instead of the "!", then we can take out
excepton code, and focus on stabalizing the code for wildcards
generally, instead of "!" specifically.
Right now, the switch serves two clear purposes. One it closes a
security gap, or at least makes the gap optional. Two, it makes it
possible for people to experiment with using wildcards in lieu of the
bang construct.
Now, along the way, in another discussion, I asked if using multiple
methods was really a best practice, and the general answer was that
alternate methods were considered an elegant and pragmatic practice,
and clearly the best practice that anyone has defined. But that was a
separate discussion.
As it stands, I think we are at the point where people need to put
what we already have to the test. Can we use the simple, general
purpose wildcards *we already have* to mimick the "!" functionality?
If not, why not? And, can you show us what we can't do in a working
example?
There is no reason for alarm or discord. The only thing that has a
changed is a one-line setting in a properties file. Meanwhile, having
the setting is closing a backdoor that some people might overlook, and
it is helping us identify where the special-case code is now, so if we
are able to *replace* the functionality with general-puroose code, we
will know where to make the changes.
-Ted.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
