[Esapi-user] Note on possible Validator API change

Jim Manico jim.manico at owasp.org
Mon Dec 28 13:04:00 EST 2009


Several members of the ESAPI development team feel that the isValidX validation functions all need to go.

These functions do NOT return canonizalized data and can lead to bad practice.

So I'd like to:
 
1) Drop all the "isX" from the Validator interface (deprecate for ESAPI 2.0, remove for ESAPI 3.0)
2) Leave those functions in the reference impl (DefaultValidator) as "protected"
 
Does this harm anyone?  Please speak up if so...

-- 

- Jim Manico
OWASP ESAPI Project Manager
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

OWASP Podcast Host/Producer
http://www.owasp.org/index.php/OWASP_Podcast



More information about the Esapi-user mailing list