[Owasp-esapi-c++] Location of some crypto gear (Java -> C++)

Jeffrey Walton noloader at gmail.com
Fri Aug 12 15:08:55 EDT 2011


> P.S- Sorry for the TPing. Gotta mtg in 1 min.
NP. Looking in the Java sources (online), I don't see
DefaultEncryptor.java in esapi/, esapi/crypto/, or esapi/reference/.

Jeff

On Fri, Aug 12, 2011 at 3:02 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> The Java 'inerfaces' were all at the 'esapi' level. The
> implementations (for the crypto stuff)
> were at esapi/reference/crypto.
>
> C++ doesnt' have interfaces, but it does have Abstract Base Classes
> which more or
> less serve a similar purpose. So, I would propose that we place things like
> 'Encryptor.h' in 'esapi' folder and 'DefaultEncryptor.cpp' (which is
> implementation
> of Encryptor ABC) in 'esapi/crypto' or (perhaps) 'esapi/reference/crypto'.
>
> Given that its a heck of a lot harder to implement alternate ABC implementations
> and simply use them by wiring them into some ESAPI properties file (C++
> lacks reflection and it's RTTI isn't well suited for this either), I can't see
> very many folks developing alternatives in the first place. Therefore, it
> might not make sense to create 'esapi/reference/encoder',
> 'esapi/reference/crypto',
> etc. to hold the reference implementation. But if someone wants to do it
> that way b/c that's how you roll, well, I'm not going to put up a big
> fuss either.
> This is not a hot button for me.
>
> -kevin
> P.S- Sorry for the TPing. Gotta mtg in 1 min.
>
> On Fri, Aug 12, 2011 at 2:40 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> Hi All,
>>
>> Some of the crypto stuff is located in the esapi/ folder rather that
>> the esapi/crypto/ folder. For example, see java's Encryptor.h at
>> http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/
>>
>> Should the C++ files do the same?
>>
>> Jeff
>> _______________________________________________
>> Owasp-esapi-c++ mailing list
>> Owasp-esapi-c++ at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-esapi-c++
>>
>
>
>
> --
> Blog: http://off-the-wall-security.blogspot.com/
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We *cause* accidents."        -- Nathaniel Borenstein
>


More information about the Owasp-esapi-c++ mailing list