Grails - does importing domain classes in a GSP make the pages vulnerable?


Say I have a page import of a domain class in a GSP, for example:

<%@ page import="com.sample.entity.Book" %>

to use in the page via

<g:select from="${Book.list()}" optionKey="id" optionValue="title" name="bookSample"/>

Is it bad programming practice to use an import? I'm new to Grails and have seen this practice in a lot of tutorials, but my lead discourages me because, according to him, hackers can get at data in the DB. I've been arguing against this, but I guess I need support.

I agree with the above that it is more ideal to use a controller to get the list of books, but I don't think the idea that using <%@ page import="" %> is bad coding because it makes the page vulnerable holds.

I know GSPs are compiled, and no reference to the import is visible in the HTML pages.

Update: thank you for giving your inputs. I've updated the question to give it more focus. If I'm told I'm wrong, the reason is of the "think beyond best practices, more on security" kind, and I can't imagine how, through an import.

I'm not sure about the "hackers can do bad things" reasoning, but there is a better approach than using GORM directly in a GSP.

Let's be clear: using GORM directly in a GSP isn't technically wrong, it's just bad practice. Why? It's not giving a clear separation of model and view.

Your view (GSP) shouldn't be building the model. It should be using it to render the view. The controller, however, should build the model the view (GSP) uses.

In your example the model comes from a GORM query. However, in the future you may end up delegating to a service that uses a micro-service instead.

Since the model is being constructed in the controller and not the GSP, you won't have to comb through your GSPs and find that you need to refactor that. It should be as simple as changing the controller.

That's the real reason why you should avoid using GORM in a GSP directly: separation of concerns.

As far as the actual importing of the domain is concerned? That's not bad practice, since your model may contain domain instances. It's a bit verbose (and not a needed part), but the verbosity lends itself to documenting the domain classes being used by the view.

I typically don't use specific imports in GSPs because I've found the model changes over time and maintaining the imports becomes an issue.

Update: after giving it more thought, I can't for the life of me come up with a true reason why using imports in a GSP would be considered a security risk. Either your lead has a lot of explaining to do, or you need to replace him.
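As an added example (not code from the question, the answer, or any Grails project), here is the refactoring the answer describes, written as Grails/Groovy: the GSP that queries GORM itself, beside a controller that builds the model, a service that owns the query, and a GSP that only renders what it was given. The names Book, BookController, BookService, the /book/list action and the bookSample select are assumed for illustration; the sections are separate files in a Grails application, shown together in one block.

```groovy
// Added example, not code from the question or the answer.
// Assumed names: Book, BookController, BookService, /book/list, bookSample.

// --- Before: the view queries GORM itself (grails-app/views/book/list.gsp) ---
// <%@ page import="com.sample.entity.Book" %>
// <g:select from="${Book.list()}" optionKey="id" optionValue="title" name="bookSample"/>

// --- After, file 1: grails-app/controllers/com/sample/BookController.groovy ---
package com.sample

class BookController {

    // Injected by Grails by name; the controller does not know where books come from.
    BookService bookService

    // GET /book/list renders list.gsp with the map returned here as its model.
    // The view receives a ready-made list under the key "books".
    def list() {
        [books: bookService.listBooks()]
    }
}

// --- After, file 2: grails-app/services/com/sample/BookService.groovy ---
// Today this is a GORM query. Replacing it with a remote call (the micro-service
// case the answer mentions) changes only this method; no GSP has to be touched.
package com.sample

import com.sample.entity.Book
import grails.gorm.transactions.Transactional

@Transactional(readOnly = true)
class BookService {
    List<Book> listBooks() {
        Book.list(sort: 'title')
    }
}

// --- After, file 3: grails-app/views/book/list.gsp ---
// No page import is needed: "books" is a model key, not a class reference,
// so the view has no compile-time dependency on the domain class at all.
// <g:select from="${books}" optionKey="id" optionValue="title" name="bookSample"/>
```

The point to take from the "after" files is that the query now has exactly one home. If the listing later has to be restricted (for example to the books the current user may see), that filter goes into BookService.listBooks() once, rather than being rediscovered in every GSP that happened to call Book.list() directly.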

