[Owasp-esapi-c++] Logger (C++ XML Library)

Kevin W. Wall kevin.w.wall at gmail.com
Tue Aug 16 13:33:09 EDT 2011

On Tue, Aug 16, 2011 at 10:48 AM, Daniel Amodio
<dan.amodio at aspectsecurity.com> wrote:
> Jeff Walton wrote:
>> Currently (and in the past), Xerces has cropped up as a [recommended]
>> C++ XML parser.
>> Does anyone have any experience with the library (specifically, will it
>> meet production quality)? Does anyone have any recommendations for a C++
>> XML parser?
> Have not looked to deeply at it, but this may do what is needed:
> http://www.boost.org/doc/libs/1_43_0/doc/html/property_tree.html
> Alternatively, I hear pugixml is good http://code.google.com/p/pugixml/
> If boost can do it, we should use boost (since it's already a moderate
> overhead of a library)


I've never personally used the C++ version of Xerces, but we have used
the Java version and it works great and appears to be very stable. It
also performs well. One could only hope that the C++ version does as

Were you looking for a SAX-based rather than DOM-based parser? I think
Xerces (at least the Java version) supports both, although we've only used
the SAX APIs in Xerces (for XML Encrypt).

What do you plan on using it for? Some of the encoders? I don't quite
understand what logging has to do with it; log4j used log4j.xml for
it's configuration, but having an XML-based config file should not
be a requirement.

I think I'd agree with Daniel, if the Boost XML library works and
isn't a royal pain in the butt, probably makes sense. But it would
help if we knew what you intended it for as well as to whether you
are leaning toward SAX or DOM approach.

Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein

More information about the Owasp-esapi-c++ mailing list