[Esapi-dev] [Esapi-user] ESAPI 1.4.2
mike.boberski at gmail.com
Thu Jan 14 20:44:00 EST 2010
Sure, will do + fair enough.
On Thu, Jan 14, 2010 at 8:38 PM, Jim Manico <jim.manico at owasp.org> wrote:
> This is good a good strategic request, please drop it in Google code! :)
> I'd like to focus on tactical stability needs only for 1.4.2....
> - Jim
> I would like to see in general (i.e. not specific to this version or
> language) much more verbose "DEBUG" logging, particularly when it comes to
> validating and encoding/escaping, so that one could for instance instruct a
> development team who's using an adapter that I've built for them to turn it
> to debug, re-run their tests, and send me the console output, where the
> audit records are detailed enough to troubleshoot the security control in
> question. For example, to output human-readable formatted bytes being
> input/output. PKI toolkits, the better put-together ones, have something
> similar, since debugging e.g. signatures can be equally painstaking.
> This is something actually that the ESAPI for PHP team is working on as an
> enhancement, to toot our own horns, as the first ESAPI team to publish an
> ESAPI adapter according to the extended factory design pattern as defined in
> the ESAPI design patterns doc.
> For whatever it's worth!
> On Thu, Jan 14, 2010 at 7:23 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> I'm getting ready to do a "ESAPI 1.4.x" sprint over the weekend in order
>> to increase the quality of this branch.
>> I've heard a mix of great success stories with 1.4, as well as some very
>> frustrating challenges that are not easy to overcome.
>> My tactical goals are:
>> 1) Allow for programmatic disabling of the intrusion detector
>> 2) Do another pass at the log4j logger and back-port some of the 2.0
>> logging code to this branch. It needs it badly.
>> 3) Stop releasing 1.4.x as a jar! argh! The 1.4.2 release needs to be a
>> zip like the 2.0 branch where the property files are separated from the
>> 4) Double-check on
>> http://code.google.com/p/owasp-esapi-java/issues/detail?id=21 and close
>> it out.
>> I start this sprint in less than 24 hours and will have it deployed for
>> the community before Monday.
>> Any other thoughts?
>> - Jim
>> Jim Manico
>> OWASP Podcast Host/Producer
>> OWASP ESAPI Project Manager
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Managerhttp://www.manico.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev