[Esapi-user] [Esapi-dev] ESAPI 2.0 crypto documentation

Josh Drummond joshdrummond at yahoo.com
Fri Apr 16 23:03:01 EDT 2010


Hi Kevin,

Finally got around to reading your new docs (most notably the user-guide) and updating my own open-source project converting away from the deprecated methods to the new CipherText serialized techniques we discussed a while back.  I'm happy to report that the documentation was easy to read/understand and the code changes in 2.0-rc6 worked very well, so thanks very much.  It might be worth suggesting using the Base64 encoding/decoding class also included in ESAPI in that document, however that might be obvious.  Sure for persistence, serializing the CipherText to a string requires a much longer database column than the old way, but it beats converting to blob columns, so its a good compromise!

Thanks,
~Josh


----- Original Message ----
From: Kevin W. Wall <kevin.w.wall at gmail.com>
To: Mike Boberski <mike.boberski at gmail.com>; ESAPI-Developers <esapi-dev at lists.owasp.org>; ESAPI-Users <Esapi-user at lists.owasp.org>
Sent: Sun, February 14, 2010 9:37:29 PM
Subject: [Esapi-dev] ESAPI 2.0 crypto documentation

Mike,

I took a first cut at 3 new / updated docs. You can find them at:

<http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-readme-crypto-changes.html>
        Describes reasons we are changing the ESAPI symmetric crypto for 2.0

<http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf>
        Description of the portable serialization of CipherText objects. This is
    primarily for other ESAPI programming language implementations if they
    wish to implement something that will be able to interact with the
    ESAPI Java 2.0 crypto.

<http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html>
        User Guide for Symmetric Encryption in ESAPI 2.0

Please provide feedback. Note that none of these updated documents are in the
latest ESAPI-2.0-rc5.zip file.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

_______________________________________________
Esapi-dev mailing list
Esapi-dev at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/esapi-dev


      


More information about the Esapi-user mailing list