Any one using Tomcat Server Side Include (SSI) support?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Any one using Tomcat Server Side Include (SSI) support?

markt
Hi,

I'm currently working on an old bug to improve the SSI support in Tomcat
[1]. Note that the original bug dates back to 2010.

I'm going to fix [1] if I can. SSI support is part of the current
release and the functionality is missing.

However, I got to wondering just how many folks are actually using SSI.
Does it make sense to deprecate SSI support in 9.0.x and remove it in
10.0.x? It isn't a big deal to maintain support if it is required but
neither do I think we should continue to maintain somethign no-one needs.

So, is anyone using SSI in Tomcat?

Mark



[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=53387

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Any one using Tomcat Server Side Include (SSI) support?

Christopher Schultz-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 6/26/18 1:48 PM, Mark Thomas wrote:

> Hi,
>
> I'm currently working on an old bug to improve the SSI support in
> Tomcat [1]. Note that the original bug dates back to 2010.
>
> I'm going to fix [1] if I can. SSI support is part of the current
> release and the functionality is missing.
>
> However, I got to wondering just how many folks are actually using
> SSI. Does it make sense to deprecate SSI support in 9.0.x and
> remove it in 10.0.x? It isn't a big deal to maintain support if it
> is required but neither do I think we should continue to maintain
> somethign no-one needs.
>
> So, is anyone using SSI in Tomcat?

+1 to deprecate-and-remove

SSI is:

1. little used
2. easy to configure insecurely
3. more conveniently-configured using another component (e.g. httpd)
4. better-implemented as a servlet/JSP/whatever

I think the Internet moved-on from SSIs around 2001. It's time Tomcat
did as well. I wouldn't object to a Tomcat sub-project for SSIs or
even a non-Apache GitHub project to implement SSIs as a set of
container-agnostic Filter/Servlet implementations or whatever.

But I don't think it belongs in the container code anymore.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsygXwACgkQHPApP6U8
pFgI1xAAp6+tZ/1BlkO2/gDd+Sm9N68dYXbxoQFp7cIMlfX6L57d9KlboVotMncT
4Ax5hUeVkzgGuJQvFCvSVlNvwQppv+jfpf9GIRfXLIjMj/OTNhqGOASDv9PQGXTn
RrOIMqwJy2AME8MNOJKuqo2ugbWp6PA+Dqq9W14ffa7ng5UGwfXUhlPEuD5g7R0Z
X0mVzJ+dUwaFDDrCW44xDCZtFDU6RaP4YaA4aBfjZTEkW5Al9bT3ul4C0jHAW2BU
3rNfLxhj89ywDp6JAP2mD6FmZL3F+QUk3FUxPD/SAcBXQwNweEsvkGvOq+5k5aUi
ycWkbbbFh5IIQ6ZkEmq5XG4RDCwwN3NEg3rnOpeF0f/tnYs/jEbtnHV2ZYa6NzMG
GTzwyijkA6UQ5s4LVTWy3zP8TARgXh2e+t24TClrQnrjYTFepFdcPr4G8kxAz/x+
LEsLsEJRmzkMDDzyyV5Ae8qyoIm7w+4RrzprV+fHbn/ksTxQxweXOEBy6nncix1G
VMYsNstvXwMNGE0EEmboUZ2Ovvd+qY5i/zw0NYTcsUyLcZ/sTVujwatg3drBhvd3
nJhCgQgnS+bTbqlWlRgs0JnvGS6CZ4J2nLwOwz2rI7MzMgxCL6d8xWR5BS+3lb34
FQRYLskm+Ltm64DnrEyjtuWfUH5TcY2D8A0OS+RMhf/mFAijfYc=
=vuWi
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]