[Esapi-dev] Bug 141
jim.manico at owasp.org
Wed Nov 3 04:58:25 EDT 2010
But this is not a third-part dependency - it's a port from Java 1.6 to
Java 1.5, so I feel a lot better about it.
Lee - what kind of changes would we need to make to your patch for a
"pure" Java 1.5 patch?
Chris - we may want to consider using the 1.6 concurrency API for all of
ESAPI. It's stellar - and way ahead of 1.5.
> If there is any way to do it without adding another dep I would much
> prefer that route. I will try to take a look at this proposed patch
> Sent from my iPwn
> On Nov 2, 2010, at 11:37 PM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
>> Using the back-port of JSR166 for JDK 1.5 will mean a new jar
>> dependency ( http://gee.cs.oswego.edu/dl/concurrent/dist/jsr166.jar )
>> and only for users of this one filter.
>> Franky, I''m in favor of this - since this dependency will go away
>> once we migrate to Java 1.6. This is also a much better concurrency
>> framework than what exists in Java 1.5 and we may want to consider
>> using JSR166 a great deal more in ESAPI 2.0.
>> So I say, yes, but it's a controversial yes and I'd like other ESAPI
>> dev's to chime in before we commit this change.
>> Thoughts folks?
>> - Jim
>> PS: Lee? You "Rock" :) thanks for this contribution.
>>> Hi Jim,
>>> Would it be possible to use the back port of JSR166 for Java5? :-
>>> *From:*Jim Manico [mailto:jim.manico at owasp.org]
>>> *Sent:* Tuesday, 2 November 2010 9:06 p.m.
>>> *To:* Lee Warren Gilbert; ESAPI-Developers
>>> *Subject:* Bug 141
>>> Your patch for the RequestRateThrottleFilter is excellent (and
>>> necessary). Would you consider tossing us a Java 1.5 version? We
>>> have not migrated to 1.6 yet, sir.
>>> Thanks for your donation, and thanks for considering making another
>>> pass at this.
>> Esapi-dev mailing list
>> Esapi-dev at lists.owasp.org <mailto:Esapi-dev at lists.owasp.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev