[Owasp-appsensor-project] AppSensorServiceController in a distributed environment
John Melton
jtmelton at gmail.com
Tue Sep 6 21:59:46 EDT 2011
Michael,
No way you would've known this, but Luke and I have worked together offline,
and he even was kind enough to send in some patches to apply this concept.
You should see a note from me in a few days about applying his patches to
add this new functionality.
Thanks,
John
On Tue, Sep 6, 2011 at 9:30 PM, Michael Coates <michael.coates at owasp.org>wrote:
> John M,
>
> Your thoughts? I defer to you on the specifics of the code base.
>
>
>
> Luke,
>
> Great to hear that its working so well for you. I'd really love to get some
> information on how AppSensor is being used in your application. I think our
> project could really benefit from a few "real life" testimonials.
>
>
>
> Michael Coates
> OWASP
>
>
>
> On Sep 2, 2011, at 6:54 AM, Luke Biddell wrote:
>
> > Chaps,
> >
> > I'm plumbing in AppSensor and currently switching out elements (such as
> the IntrusionStore) for more persistent implementations (eg a
> MembaseIntrusionStore etc).
> >
> > The only place I've come unstuck is the AppSensorServiceController
> implementation that's used behind AppSensorRequestBlockingFilter. The
> service and perUser service stores are static Hashtables, ideally I'd switch
> those out for MemBase or whatever so they don't just apply to the current
> node, they apply across all distributed nodes. But I can't see how without
> writing my own filter, service controller and response actions. The code
> would largely be a clone or your defaults, give or take, which seems a shame
> when it's so close. This would be made easier if some of the action methods
> in DefaultResponseAction were protected; then I could just override the
> disableComponent* methods and wire them into my service controller and
> filter.
> >
> > Perhaps an AppSensorServiceStore in a similar pattern to the
> IntrustionStore could be employed? Then I could use it pretty much as is.
> >
> >
> >
> > Luke
> >
> >
> >
> > PS - thanks for a great product, it integrates pretty well into Jersey
> JAX-RS using a custom ExceptionMapper.
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Owasp-appsensor-project mailing list
> > Owasp-appsensor-project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20110906/a97f93c3/attachment.html
More information about the Owasp-appsensor-project
mailing list