On Mon, Feb 23, 2009 at 3:05 PM, Felix Meschberger <fmesc...@gmail.com> wrote: > There is just one catch: Do we open up here for a security or > vulnerability issue ?
Currently, the server is in full control of the resolution process: for a given external HTTP request to a certain resource, the scripts executed are defined solely by the server. And to support a RESTful architecture, this is an important constraint: a uniform resource interface, controlled by the server. The client should only be in charge with choosing the state transitions offered by the server, depending on the resource/content. Otherwise one would introduce some kind of a remote method call interface, which Sling should not do... this is the same reason as it is not possible to directly execute a script in Sling. Regards, Alex -- Alexander Klimetschek alexander.klimetsc...@day.com