xml-dev - Re: [xml-dev] Distributed versus local processing

Re: [xml-dev] Distributed versus local processing

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Distributed versus local processing
From: Miles Sabin <miles@milessabin.com>
Date: Thu, 31 Oct 2002 20:27:53 +0000
In-reply-to: <E187Jro-0004c2-00@calvin.frontwire.com>
References: <36C08A70-E9A2-11D6-9F26-0030657E2F34@mac.com> <3DC15B34.50809@prescod.net> <E187Jro-0004c2-00@calvin.frontwire.com>

Alaric B. Snell wrote,
> On Thursday 31 October 2002 16:32, Paul Prescod wrote:
> > Alaric B. Snell wrote,
> > > Remote o = Naming.lookup (<registry name>);
> > > Method m = o.getClass ().getMethod (<method>,new Object[0]);
> > > Object result = m.invoke (o, new Object[0]);
> > >
> > > System.out.println (result.toString ());
> >
> > This makes no logical sense. In order to get the data for a stock
> > quote I have to download an appropriate class, find a static
> > method, invoke a method coerce the result to string and return it?
>
> Not done much Java? Ok. What it says is:
>
> 1) Get a "connection" to the object given the name. Call the result'o'
> 2) Find the zero-param method with the given name on that object
> 3) Call the method (giving it an empty list of arguments)
> 4) Ask the result to display itself

I think Paul is probably boggling at the hoops you're jumping through 
merely to get a string result when you could just as easily have gotten 
the string directly from the remote service via a much less heavyweight 
protocol.

There are times and places for extruding remote behaviour into a local 
execution context, but your toy example hardly gives a compelling 
example of one.

> > > That tool can be compiled up and then used to call any zero
> > > argument getter method anywhere. If you want to get into ones
> > > with arguments then there's a UI issue of setting up arbitrary
> > > Java objects for parameters, but it's still doable. You should
> > > really call result.toString () in a sandbox, too, since it'd be
> > > arbitrary code, but I'm leaving that out for the sake of ease.
> >
> > You think people should trust the Java sandbox with the execution
> > of their most crucial business processes?

I can't resist the temptation to plug the forthcoming Java Application 
Isolation API which (modulo flawed implementations) will make the local 
execution of untrusted remote code in the way Alaric's suggesting a 
much less risky proposition than it is now,

  http://www.jcp.org/jsr/detail/121.jsp

It's in community review at the moment, and should be in public review 
in a couple of weeks. Hopefully you'll see it in the next rev of J2SE 
and a subset in J2ME.

Cheers,


Miles

References:
- Note from the Troll
  - From: tblanchard@mac.com
- Distributed versus local processing
  - From: Paul Prescod <paul@prescod.net>
- Re: [xml-dev] Distributed versus local processing
  - From: "Alaric B. Snell" <alaric@alaric-snell.com>

Prev by Date: RE: [xml-dev] Newbie question:DTD problem(#PCDATA)
Next by Date: Re: [xml-dev] Character Entities: An XML Core WG View
Previous by thread: Re: [xml-dev] Distributed versus local processing
Next by thread: Re: [xml-dev] Note from the Troll
Index(es):
- Date
- Thread