[Esapi-user] sanitiseAlpha20, sanitiseDate, sanitiseNo

Jim Manico jim.manico at owasp.org
Thu Aug 12 17:36:28 EDT 2010


This is on our immediate roadmap. 

As soon as 2.0 is final (if not sooner), we are going to start breaking
ESAPI into smaller pieces (how is still being debated) as well as attempt to
reduce 3rd party dependencies. I'll keep the lists posted on this next wave
of effort.

- Jim

-----Original Message-----
From: esapi-user-bounces at lists.owasp.org
[mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of Yiannis Pavlosoglou
Sent: Monday, August 09, 2010 5:32 AM
To: ESAPI-Developers; ESAPI-Users
Subject: [Esapi-user] sanitiseAlpha20, sanitiseDate, sanitiseNo

Hi all,

Without wanting to steal Kevin's previous thread, on what ESAPI can do
going forward, I have been getting some feedback on a thread posted
not too long ago. The feedback comes from folks in the trenches, so to
speak i.e. "Yiannis, I need 50 lines of code that drop what should not
be there". The original thread:

http://www.webappsec.org/lists/websecurity/archive/2010-05/msg00003.html

The above has a .NET & Java methods implemented. Now, I am a newcomer
to ESAPI, in that I have only used specific subcomponents of it (e.g.
preventing oracle sql injection) so what I am about to request is
probably already somewhere in the APIs.

Is it trivial enough to put together a set of no more than a handful
strict, static methods of the type seen in the post above and flag
them as that, i.e. sanitisation routines, for people that would like
to simply not worry about logging, etc. but all-in-all just dropping
characters they are not expecting as input?

My apologies in advance if they are already in place; perhaps document
them and group them in something straight-forward of the type
org.owasp.security.simple?

This idea evolves around simplifying the process of calling esapi,
perhaps putting together an esapi-light that I would be more than
happy to help code, need be.

Thank you and.. keep up the good work!

Yiannis
_______________________________________________
Esapi-user mailing list
Esapi-user at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/esapi-user



More information about the Esapi-user mailing list