We have a Velocity template for a receipt. The template includes the Tax Identification Number, the value of which will be substituted at the time of receipt generation. This is to ensure the TIN of the real license holder is printed on the receipt.

How can we prevent the end user from hardcoding the TIN number in the template itself? Is there a way for Velocity to throw an exception if it can't find a field in the template at the time of merging?

+1  A: 

Is the user allowed to customize other parts of the template?

If not, you could include an MD5 checksum for the template in your program and check if the file has been tampered with.

Not sure if this is worth the effort, though. There are many other ways for a malicious user to fake the receipt, and you cannot stop all of them.

Thilo
+4  A: 

You may be better off by protecting the template itself, rather than by trying to get Velocity to report on incorrect operations. Velocity is pretty tolerant of missing fields etc., so I suspect it won't do what you want.

Can you protect the template by signing it or similar? That way it should be immediately detectable if someone has interfered with it.

Brian Agnew
Also, tie some part of the license into the printing process (not just printing of a number). That way, without a valid license, it should fail to print. If you are afraid they use it to print more than the license allows, then you have got problems other than securing a template, because the whole business model is wrong.
Chii
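The checksum and signing suggestions in the two answers above, sketched as an added example (not code from either answer or from Velocity). It uses only JDK classes and a detached SHA256withRSA signature in place of the MD5 checksum; the class name, method name, key handling and sample template are assumptions made for the demo. The verified text is what the application would then hand to Velocity for merging.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedTemplateCheck {

    /** Returns the template text only if the detached signature matches; otherwise throws. */
    static String loadVerified(byte[] template, byte[] signature, PublicKey vendorKey)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(vendorKey);
        verifier.update(template);
        if (!verifier.verify(signature)) {
            throw new SecurityException("receipt template failed signature check; refusing to merge");
        }
        // Merge these exact bytes; re-reading the file later would reopen the tampering window.
        return new String(template, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed for the demo: in a real deployment only the public key ships with
        // the application, and the private key stays on the vendor's build machine.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();

        // Constructed sample template; $tin is substituted at receipt generation.
        byte[] original = "Receipt\nTIN: $tin\nTotal: $total\n".getBytes(StandardCharsets.UTF_8);

        // Build step (vendor side): produce the detached signature shipped with the template.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(vendor.getPrivate());
        signer.update(original);
        byte[] sig = signer.sign();

        // Untouched template passes verification.
        System.out.println("original accepted:\n" + loadVerified(original, sig, vendor.getPublic()));

        // Constructed tampering: the end user hardcodes a TIN instead of the $tin reference.
        byte[] tampered = "Receipt\nTIN: 123-45-678\nTotal: $total\n".getBytes(StandardCharsets.UTF_8);
        try {
            loadVerified(tampered, sig, vendor.getPublic());
        } catch (SecurityException e) {
            System.out.println("tampered rejected: " + e.getMessage());
        }
    }
}
```

A digest compiled into the program, as in the first answer, is checked at the same point in the flow but requires a new build whenever the template legitimately changes; a signature only requires re-signing the template.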