[Esapi-dev] Bug 141

Jim Manico jim.manico at owasp.org
Wed Nov 3 04:58:25 EDT 2010 

But this is not a third-part dependency - it's a port from Java 1.6 to 
Java 1.5, so I feel a lot better about it.

Lee - what kind of changes would we need to make to your patch for a 
"pure" Java 1.5 patch?

Chris - we may want to consider using the 1.6 concurrency API for all of 
ESAPI. It's stellar - and way ahead of 1.5.

- Jim



> If there is any way to do it without adding another dep I would much 
> prefer that route. I will try to take a look at this proposed patch 
> tomorrow
>
> Sent from my iPwn
>
> On Nov 2, 2010, at 11:37 PM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>> Lee,
>>
>> Using the back-port of JSR166 for JDK 1.5 will mean a new jar 
>> dependency ( http://gee.cs.oswego.edu/dl/concurrent/dist/jsr166.jar ) 
>> and only for users of this one filter.
>>
>> Franky, I''m in favor of this - since this dependency will go away 
>> once we migrate to Java 1.6. This is also a much better concurrency 
>> framework than what exists in Java 1.5 and we may want to  consider 
>> using JSR166 a great deal more in ESAPI 2.0.
>>
>> So I say, yes, but it's a controversial yes and I'd like other ESAPI 
>> dev's to chime in before we commit this change.
>>
>> Thoughts folks?
>> - Jim
>>
>> PS: Lee? You "Rock" :) thanks for this contribution.
>>>
>>> Hi Jim,
>>>
>>> Would it be possible to use the back port of JSR166 for Java5?  :-
>>>
>>> http://sourceforge.net/projects/backport-jsr166/files/backport-jsr166/3.1/backport-util-concurrent-Java50-3.1.zip/download 
>>>
>>>
>>> Thanks,
>>>
>>> Lee
>>>
>>> *From:*Jim Manico [mailto:jim.manico at owasp.org]
>>> *Sent:* Tuesday, 2 November 2010 9:06 p.m.
>>> *To:* Lee Warren Gilbert; ESAPI-Developers
>>> *Subject:* Bug 141
>>>
>>> http://code.google.com/p/owasp-esapi-java/issues/detail?id=141&sort=milestone 
>>> <http://code.google.com/p/owasp-esapi-java/issues/detail?id=141&sort=milestone>
>>>
>>> Lee,
>>>
>>> Your patch for the RequestRateThrottleFilter is excellent (and 
>>> necessary). Would you consider tossing us a Java 1.5 version? We 
>>> have not migrated to 1.6 yet, sir.
>>>
>>> Thanks for your donation, and thanks for considering making another 
>>> pass at this.
>>>
>>> Cheers,
>>> Jim
>>>
>>
>> _______________________________________________
>> Esapi-dev mailing list
>> Esapi-dev at lists.owasp.org <mailto:Esapi-dev at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/esapi-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-dev/attachments/20101103/e10ea060/attachment.html

More information about the Esapi-dev mailing list