[Esapi-user] Authenticator

Jim Manico jim.manico at owasp.org
Wed Apr 21 10:34:01 EDT 2010

This is an excellent idea worth further consideration.

Can you please enter this request in our bug/feature tracking system at 
Google Code?


Thanks for your feedback, Nicholas,

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

> All,
> I'm considering using ESAPI for my Java web application, however I 
> have some questions/concerns.
> I was looking at the Authenticator class for Java and noticed methods 
> for "verifyPasswordStrength" and "generateStrongPassword".  I would 
> like to use both methods to augment our existing portal architecture 
> which does not support (or at least is not obvious to me) password 
> strength checking other than requiring passwords of a configurable 
> length.  As the portal handles the authentication for our application, 
> I wasn't keen on trying to map the internal portal SDK to the 
> Authenticator Interface, just to get support for password strength 
> validation.  I may be alone in my thinking, but shouldn't these 
> stand-alone methods be moved to a separate concrete class with static 
> implementations of the methods?  Or at minimum another interface, 
> AuthenticatorUtil for instance, that has these methods and can be 
> overridden to provide a custom implementation or the base reference 
> implementation can be used.
> I'd be happy to hear an alternative proposal to what I suggested, as 
> I'm new to ESAPI, or even an alternative way of doing what I've 
> suggested.
> Nicholas Choate
