[OWASP-ESAPI] ESAPI for RIA

Jeremy Long jeremy.long at gmail.com
Tue Nov 10 21:22:58 EST 2009


So - with item 2, a modular API.  While I completely agree, my concern is if
the development team is using a different framework (YUI, jQuery, etc.) -
they all have their own bootstrap mechanism.  So we would be duplicating the
bootstrap code.

--Jeremy

On Tue, Nov 10, 2009 at 7:59 PM, Chris Schmidt <chrisisbeef at gmail.com> wrote:

> So here are a couple of the architecture decisions that I have gotten
> started with:
>
> - ESAPI-RIA shall use OO JavaScript to simplify using it in applications
> alongside server-side ESAPI implementations. With this in mind, I have
> chosen the Dean Edwards Base.js library to provide the standard OO
> functionality ( http://dean.edwards.name/weblog/2006/03/base ).
>
> - ESAPI-RIA shall be a modular API, so that things are only downloaded when
> they are being used on the client-side. Also, if the developer knows that
> certain components will be required beforehand, the ability to
> bootstrap-load the required modules should be available and easy to
> implement. To do this I have chosen the Ajile JavaScript Library which
> provides a clean and powerful component management framework for JavaScript
> ( http://ajile.net )
>
> - ESAPI-RIA shall provide a layer of security against client-side
> JavaScript being executed that changes the configured state of the ESAPI.
> This will be done through using privatized variables.
>
> These are the general principles that I think are the starting point for
> the project, and as I stated before, nothing is set in stone here. I think
> that it is important to try to get a decent plan together before we start
> throwing code into the repository and these are some of the key decisions
> that need to be made before we go forward with architecting the actual
> security controls for the ESAPI that will be provided to RIA.
>
> I look forward to hearing everyone's thoughts on the matter!
>
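
The third design point in the quoted message (privatized variables protecting the configured state), sketched as an added example that is not from this thread or from the ESAPI project; `createConfig`, `tamperReport` and the setting names are hypothetical.

```javascript
// Added illustration; createConfig and the setting names are hypothetical,
// not part of ESAPI-RIA.
function createConfig(settings) {
  // Private copy: reachable only through the closures below.
  const state = JSON.parse(JSON.stringify(settings));

  return Object.freeze({
    // Return a copy so callers never hold a reference into private state.
    get(key) {
      const value = state[key];
      return value === undefined ? undefined : JSON.parse(JSON.stringify(value));
    },
    isSchemeAllowed(scheme) {
      return state.allowedSchemes.includes(String(scheme).toLowerCase());
    },
  });
}

// Runs the mutations another script on the page could try against the public
// object and reports whether each one changed the effective configuration.
function tamperReport() {
  const source = { allowedSchemes: ['http', 'https'], encodeOutput: true };
  const config = createConfig(source);
  const changed = {};

  // 1. Mutate the object the page passed in at setup time.
  source.allowedSchemes.push('javascript');
  changed.viaSourceObject = config.isSchemeAllowed('javascript');

  // 2. Mutate a value handed back by the getter.
  config.get('allowedSchemes').push('javascript');
  changed.viaReturnedValue = config.isSchemeAllowed('javascript');

  // 3. Replace a method on the API object (throws in strict mode, is
  //    silently ignored otherwise; either way the frozen object is unchanged).
  try { config.isSchemeAllowed = () => true; } catch (e) { /* frozen */ }
  changed.viaMethodOverride = config.isSchemeAllowed('javascript');

  // 4. Add a look-alike property hoping later code reads it.
  try { config.state = { encodeOutput: false }; } catch (e) { /* frozen */ }
  changed.viaNewProperty = config.get('encodeOutput') !== true;

  return changed;
}

console.log(tamperReport());
```

The closure protects only the stored state: a script running in the same page can still rebind the variable that holds the object or patch built-ins such as `Array.prototype.includes`, so this is one layer and not a trust boundary.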