[OWASP-ESAPI] Validation
silky
michaelslists at gmail.com
Sat Apr 12 06:07:50 EDT 2008
Surely the approach would be to deprecate the other APIs and add your
ones; don't actually delete them.
On Sat, Apr 12, 2008 at 6:09 PM, Jim Manico <jim at manico.net> wrote:
>
> Hello,
>
> I still think we need to make some major changes to the current ESAPI
> Validation strategy.
>
> Summary:
>
> 1) Have most IValidator functions return the validated data, and throw an
> org.owasp.esapi.errors.ValidationException on error.
> 2) I'm using ESAPI for a project that I'm currently working on - and I have
> a need to validate integers for some fields, and doubles for others.
> 3) Number range checking is still missing.
>
> Examples:
>
> 1a) boolean isValidCreditCard(String context, String value); goes away.
> 1b) String isValidCreditCard(String context, String value) throws
> ValidationException gets added
>
> 2a) boolean isValidNumber(String input); goes away
> 2b) Double isValidDouble(String input, double min, double max) gets added
> 2c) Integer isValidInteger(String input, int min, int max) gets added
>
> Another reason why ALL boolean return values should go away for the
> Validation strategy is that we need a deeper message as to why validation is
> failing.
>
> If you give me the OK, Jeff, I'll make this change to the interface and
> reference implementation myself.
> --
> Jim Manico, Senior Application Security Engineer
> jim.manico at aspectsecurity.com | jim at manico.net
> (301) 604-4882 (work)
> (808) 652-3805 (cell)
>
> Aspect Security™
> Securing your applications at the source
> http://www.aspectsecurity.com
>
--
http://lets.coozi.com.au/
There's not a problem I can't fix, because I can do it in the mix.
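
The pattern discussed in this thread, sketched as an added example (not code from the thread or from ESAPI): range-checked validators return the parsed value or throw with a reason, and the old boolean method stays as a deprecated wrapper. The local ValidationException class and all method bodies are assumptions; only the method names and signatures come from the quoted message.

```java
// Added illustration; not ESAPI source. ValidationException below is a local
// stand-in for org.owasp.esapi.errors.ValidationException.
public class ValidationSketch {
    static class ValidationException extends Exception {
        ValidationException(String reason) { super(reason); }
    }

    /** Proposed style: return the validated value, or throw with the reason. */
    static Integer isValidInteger(String input, int min, int max) throws ValidationException {
        if (input == null) throw new ValidationException("input is null");
        final int value;
        try {
            value = Integer.parseInt(input.trim());
        } catch (NumberFormatException e) {
            throw new ValidationException("not an integer, or too large for int");
        }
        if (value < min || value > max)
            throw new ValidationException("outside range [" + min + ", " + max + "]");
        return value;
    }

    static Double isValidDouble(String input, double min, double max) throws ValidationException {
        if (input == null) throw new ValidationException("input is null");
        final double value;
        try {
            value = Double.parseDouble(input.trim());
        } catch (NumberFormatException e) {
            throw new ValidationException("not a number");
        }
        // Written as a negated test so NaN (which fails every comparison) is rejected too.
        if (!(value >= min && value <= max))
            throw new ValidationException("outside range [" + min + ", " + max + "]");
        return value;
    }

    /** Old boolean style, deprecated rather than deleted; callers lose the reason. */
    @Deprecated
    static boolean isValidNumber(String input) {
        try { isValidDouble(input, -Double.MAX_VALUE, Double.MAX_VALUE); return true; }
        catch (ValidationException e) { return false; }
    }

    public static void main(String[] args) {
        for (String s : new String[] {"42", "abc", "99999999999", "500"}) { // constructed inputs
            try { System.out.println("ok: " + isValidInteger(s, 1, 100)); }
            catch (ValidationException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

The exception messages describe the failure without echoing the raw input, so they can be logged without carrying attacker-controlled text.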