[Esapi-dev] [Esapi-user] ESAPI 1.4.2

Jim Manico jim.manico at owasp.org
Thu Jan 14 20:38:32 EST 2010

This is a good strategic request, please drop it in Google code! :)

I'd like to focus on tactical stability needs only for 1.4.2....


- Jim

> I would like to see in general (i.e. not specific to this version or
> language) much more verbose "DEBUG" logging, particularly when it
> comes to validating and encoding/escaping, so that one could for
> instance instruct a development team who's using an adapter that I've
> built for them to turn it to debug, re-run their tests, and send me
> the console output, where the audit records are detailed enough to
> troubleshoot the security control in question. For example, to output
> human-readable formatted bytes being input/output. PKI toolkits, the
> better put-together ones, have something similar, since debugging e.g.
> signatures can be equally painstaking.
> This is something actually that the ESAPI for PHP team is working on
> as an enhancement, to toot our own horns, as the first ESAPI team to
> publish an ESAPI adapter according to the extended factory design
> pattern as defined in the ESAPI design patterns doc.
> For whatever it's worth!
> Best,
> Mike
> On Thu, Jan 14, 2010 at 7:23 PM, Jim Manico <jim.manico at owasp.org> wrote:
>     I'm getting ready to do an "ESAPI 1.4.x" sprint over the weekend in order
>     to increase the quality of this branch.
>     I've heard a mix of great success stories with 1.4, as well as some very
>     frustrating challenges that are not easy to overcome.
>     My tactical goals are:
>     1) Allow for programmatic disabling of the intrusion detector
>     2) Do another pass at the log4j logger and back-port some of the 2.0
>     logging code to this branch. It needs it badly.
>     3) Stop releasing 1.4.x as a jar! argh! The 1.4.2 release needs to be a
>     zip like the 2.0 branch where the property files are separated from
>     the jar.
>     4) Double-check on
>     http://code.google.com/p/owasp-esapi-java/issues/detail?id=21 and close
>     it out.
>     I start this sprint in less than 24 hours and will have it deployed for
>     the community before Monday.
>     Any other thoughts?
>     - Jim
>     --
>     Jim Manico
>     OWASP Podcast Host/Producer
>     OWASP ESAPI Project Manager
>     http://www.manico.net

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
