Dear Wiki user, You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification.
The following page has been changed by Paul Benedict: http://wiki.apache.org/struts/HDIV ------------------------------------------------------------------------------ = SPI or native integration? = - HDIV seems to solve a problem that most web application developers don't know they have. By "natively", I mean it's part of the core and you can't make your application less secure by ripping it out. It is Apache licensed after all. + '''Matt Raible:''' HDIV seems to solve a problem that most web application developers don't know they have. By "natively", I mean it's part of the core and you can't make your application less secure by ripping it out. It is Apache licensed after all. If rolling it into the core isn't an option, it would be nice if it was easier to integrate. Instead of requiring new tag libraries, it'd be nice if tag libraries (and Velocity/FreeMarker macros) were "HDIV aware". If an HDIV JAR/Plugin is on the classpath - use it. - If rolling it into the core isn't an option, it would be nice if it was easier to integrate. Instead of requiring new tag libraries, it'd be nice if tag libraries (and Velocity/FreeMarker macros) were "HDIV aware". If an HDIV JAR/Plugin is on the classpath - use it. + '''Paul Benedict:''' I wouldn't want to fork the project because I am not a security expert. I couldn't maintain it well even though I want to integrate it. Also, I don't know if HDIV has aspirations outside of Struts which would make an SPI much more palatable. I am not strongly in favor of belonging to the core. I think the feature should be optional, but I wouldn't also object if it was put of the core with the option to turn on/off. - Which security package(s) would you want to work with in addition to HDIV? I firmly believe that you need at least two candidates in order to successfully design an SPI. Otherwise you run a very high risk of designing an SPI that can really only be successfully used by the one candidate you designed it around. + '''Martin Cooper:''' Which security package(s) would you want to work with in addition to HDIV? I firmly believe that you need at least two candidates in order to successfully design an SPI. Otherwise you run a very high risk of designing an SPI that can really only be successfully used by the one candidate you designed it around. = Performance = - It's unusual that a feature such as this comes without penality. If HDIV were native, what would be the performance cost? Complexity cost? + '''Ted Husted:''' It's unusual that a feature such as this comes without penality. If HDIV were native, what would be the performance cost? Complexity cost? = Validation = + '''Martin Cooper:''' How does HDIV's editable content validation interact with the validation mechanisms that we already have built into Struts? Is someone using HDIV - How does HDIV's editable content validation interact with the validation - mechanisms that we already have built into Struts? Is someone using HDIV with Struts going to be writing their validations using HDIV's format, Commons Validator's format, or both? = Usability = + '''Martin Cooper:''' How much of the functionality of HDIV is only available for people using JSP with tag libraries? If I'm using Velocity, or not using server-side - How much of the functionality of HDIV is only available for people using - JSP with tag libraries? If I'm using Velocity, or not using server-side presentation at all, how much of HDIV do I lose?
