[Esapi-dev] [Esapi-user] ESAPI 1.4.2
jim.manico at owasp.org
Thu Jan 14 20:38:32 EST 2010
This is good a good strategic request, please drop it in Google code! :)
I'd like to focus on tactical stability needs only for 1.4.2....
> I would like to see in general (i.e. not specific to this version or
> language) much more verbose "DEBUG" logging, particularly when it
> comes to validating and encoding/escaping, so that one could for
> instance instruct a development team who's using an adapter that I've
> built for them to turn it to debug, re-run their tests, and send me
> the console output, where the audit records are detailed enough to
> troubleshoot the security control in question. For example, to output
> human-readable formatted bytes being input/output. PKI toolkits, the
> better put-together ones, have something similar, since debugging e.g.
> signatures can be equally painstaking.
> This is something actually that the ESAPI for PHP team is working on
> as an enhancement, to toot our own horns, as the first ESAPI team to
> publish an ESAPI adapter according to the extended factory design
> pattern as defined in the ESAPI design patterns doc.
> For whatever it's worth!
> On Thu, Jan 14, 2010 at 7:23 PM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
> I'm getting ready to do a "ESAPI 1.4.x" sprint over the weekend in
> to increase the quality of this branch.
> I've heard a mix of great success stories with 1.4, as well as
> some very
> frustrating challenges that are not easy to overcome.
> My tactical goals are:
> 1) Allow for programmatic disabling of the intrusion detector
> 2) Do another pass at the log4j logger and back-port some of the 2.0
> logging code to this branch. It needs it badly.
> 3) Stop releasing 1.4.x as a jar! argh! The 1.4.2 release needs to
> be a
> zip like the 2.0 branch where the property files are separated
> from the jar.
> 4) Double-check on
> http://code.google.com/p/owasp-esapi-java/issues/detail?id=21 and
> it out.
> I start this sprint in less than 24 hours and will have it
> deployed for
> the community before Monday.
> Any other thoughts?
> - Jim
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> Esapi-user mailing list
> Esapi-user at lists.owasp.org <mailto:Esapi-user at lists.owasp.org>
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev