I disagree. My public fields are all final, immutable objects that are
essential constants within the application. Those in general should not
be visible outside the application. Therefore, having public fields
hidden to templates gets my vote.
Instead of trying to anticipate any security concerns down the road
about exposing a public field, just follow best practice and provide a
getter method. I think there is also a VelocityTool that exposes public
fields.
Barbara Baughman
Systems Analyst
Information Security
972-883-2157
On 2/23/11 10:42 AM, Thomas Vandahl wrote:
On 18.02.2011 07:02, David Parks wrote:
I know getters/setters are good practice, but for internal stuff that
won't
be extended I sometimes package things like compound return
statements into
a simple object with a few public properties for easy access. Seems
reasonable that Velocity would check for a public property if the getter
isn't there.
See
http://velocity.apache.org/engine/releases/velocity-1.7/apidocs/org/apache/velocity/app/FieldMethodizer.html
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
