[OWASP-ESAPI] Validation

Jim Manico jim at manico.net
Sat Apr 12 07:04:46 EDT 2008


> surely the approach would be to deprecate the other APIs

Well, that assumes Jeff even agrees. =)

But your point is well taken - if I get the go ahead - I'll deprecate 
the old APIs and have the new APIs call the old in the reference 
implementation.

Something along these lines:

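public boolean oldValidationFunction(String data) {
    try {
        // Delegate to the new API; the validated value is not needed here.
        newValidationFunction(data);
    } catch (ValidationException e) {
        // The old boolean contract cannot carry the failure reason.
        return false;
    }
    return true;
}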


> surely the approach would be to deprecate the other APIs and add your
> ones; don't actually delete them.
>
>
> On Sat, Apr 12, 2008 at 6:09 PM, Jim Manico <jim at manico.net> wrote:
>   
>>  Hello,
>>
>>  I still think we need to make some major changes to the current ESAPI
>> Validation strategy.
>>
>>  Summary:
>>
>>  1) Have most IValidator functions return the validated data, and throw a
>> org.owasp.esapi.errors.ValidationException on error.
>>  2) I'm using ESAPI for a project that I'm currently working on - and I have
>> a need to validate integers for some fields, and doubles for others.
>>  3) Number range checking is still missing.
>>
>>  Examples:
>>
>>  1a) boolean isValidCreditCard(String context, String value); goes away.
>>  1b) String isValidCreditCard(String context, String value) throws
>> ValidationException gets added
>>
>>  2a) boolean isValidNumber(String input); goes away
>>  2b) Double isValidDouble(String input, double min, double max) gets added
>>  2b) Integer isValidInteger(String input, int min, int max) gets added
>>
>>  Another reason why ALL boolean return values should go away for the
>> Validation strategy is that we need a deeper message as to why validation is
>> failing.
>>
>>  If you give me the OK, Jeff, I'll make this change to the interface and
>> reference implementation myself.
>>  --
>> Jim Manico, Senior Application Security Engineer
>> jim.manico at aspectsecurity.com | jim at manico.net
>> (301) 604-4882 (work)
>> (808) 652-3805 (cell)
>>
>> Aspect Security™
>> Securing your applications at the source
>> http://www.aspectsecurity.com


-- 
Jim Manico, Senior Application Security Engineer
jim.manico at aspectsecurity.com | jim at manico.net
(301) 604-4882 (work)
(808) 652-3805 (cell)

Aspect Security™
Securing your applications at the source
http://www.aspectsecurity.com
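
An added example, not part of the original message or of ESAPI's code: the return-the-value-or-throw style proposed in items 1) to 3) above, with range checking and a deprecated boolean wrapper that delegates to it. `ValidatorExample`, the local `ValidationException` stand-in and `legacyIsValidInteger` are hypothetical names; `isValidInteger` follows the signature given in 2b.

```java
import java.util.regex.Pattern;

public class ValidatorExample {

    // Local stand-in for org.owasp.esapi.errors.ValidationException (assumption:
    // only the failure reason is carried).
    static class ValidationException extends Exception {
        ValidationException(String reason) { super(reason); }
    }

    // Optional minus sign and 1-10 digits: no whitespace, "+", hex or exponents.
    private static final Pattern INT = Pattern.compile("-?[0-9]{1,10}");

    // Style proposed in 2b: return the validated value, throw with the reason.
    static Integer isValidInteger(String input, int min, int max) throws ValidationException {
        if (input == null || !INT.matcher(input).matches()) {
            throw new ValidationException("not an integer");
        }
        long value = Long.parseLong(input); // at most 10 digits, always fits a long
        if (value < min || value > max) {
            throw new ValidationException("out of range [" + min + ", " + max + "]: " + value);
        }
        return (int) value;
    }

    // Hypothetical deprecated wrapper keeping the old boolean contract.
    @Deprecated
    static boolean legacyIsValidInteger(String input, int min, int max) {
        try {
            isValidInteger(input, min, max);
            return true;
        } catch (ValidationException e) {
            return false; // the reason is lost, which is the argument against booleans
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs for a field limited to 1..120.
        String[] samples = { "42", "0", "121", "12abc", "99999999999", null };
        for (String s : samples) {
            try {
                System.out.println(s + " -> accepted " + isValidInteger(s, 1, 120));
            } catch (ValidationException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```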
