[OWASP-ESAPI] ESAPI for RIA
jeremy.long at gmail.com
Tue Nov 10 21:22:58 EST 2009
So - with item 2, a modular API. While I completely agree my concern is if
the development team is using a different framework (YUI, JQuery, etc) -
they all have their own bootstrap mechanism. So we would be duplicating the
On Tue, Nov 10, 2009 at 7:59 PM, Chris Schmidt <chrisisbeef at gmail.com>wrote:
> So here are a couple of the architecture decisions that I have gotten
> started with:
> alongside server-side ESAPI implementations. With this in mind, I have
> chosen the Dean Edwards Base.js library to provide the standard OO
> functionality ( http://dean.edwards.name/weblog/2006/03/base ).
> - ESAPI-RIA shall be a modular API, so that things are only downloaded when
> they are being used on the client-side. Also, if the developer knows that
> certain components will be required beforehand, the ability to
> bootstrap-load the required modules should be available and easy to
> ( http://ajile.net )
> - ESAPI-RIA shall provide a layer of security against client-side
> This will be done through using privatized variables.
> These are the general principles that I think are the starting point for
> the project, and as I stated before, nothing is set in stone here. I think
> that it is important to try to get a decent plan together before we start
> throwing code into the repository and these are some of the key decisions
> that need to be made before we go forward with architecting the actual
> security controls for the ESAPI that will be provided to RIA.
> I look forward to hearing everyone's thoughts on the matter!
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI