[Esapi-user] Authenticator

Jim Manico jim.manico at owasp.org
Wed Apr 21 10:34:01 EDT 2010


This is an excellent idea worth further consideration.

Can you please enter this request in our bug/feature tracking system at 
Google Code?

http://code.google.com/p/owasp-esapi-java/issues/entry

Thanks for your feedback, Nicholas,

-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net



>
> All,
>
> I'm considering using ESAPI for my Java web application, however I 
> have some questions/concerns.
>
> I was looking at the Authenticator class for Java and noticed methods 
> for "verifyPasswordStrength" and "generateStrongPassword".  I would 
> like to use both methods to augment our existing portal architecture 
> which does not support (or at least is not obvious to me) password 
> strength checking other than requiring passwords of a configurable 
> length.  As the portal handles the authentication for our application, 
> I wasn't keen on trying to map the internal portal SDK to the 
> Authenticator Interface, just to get support for password strength 
> validation.  I may be alone in my thinking, but shouldn't these 
> stand-alone methods be moved to a separate concrete class with static 
> implementations of the methods?  Or at minimum another interface, 
> AuthenticatorUtil for instance, that has these methods and can be 
> overridden to provide a custom implementation or the base reference 
> implementation can be used.
>
> I'd be happy to hear an alternative proposal to what I suggested, as 
> I'm new to ESAPI, or even an alternative way of doing what I've 
> suggested.
>
> Nicholas Choate