[Esapi-user] ESAPI 1.4.2

Mike Boberski mike.boberski at gmail.com
Thu Jan 14 20:44:00 EST 2010


Sure, will do + fair enough.

Mike


On Thu, Jan 14, 2010 at 8:38 PM, Jim Manico <jim.manico at owasp.org> wrote:

> This is a good strategic request, please drop it in Google code! :)
>
> I'd like to focus on tactical stability needs only for 1.4.2....
>
> Acceptable?
>
> - Jim
>
>
> I would like to see in general (i.e. not specific to this version or
> language) much more verbose "DEBUG" logging, particularly when it comes to
> validating and encoding/escaping, so that one could for instance instruct a
> development team who's using an adapter that I've built for them to turn it
> to debug, re-run their tests, and send me the console output, where the
> audit records are detailed enough to troubleshoot the security control in
> question. For example, to output human-readable formatted bytes being
> input/output. PKI toolkits, the better put-together ones, have something
> similar, since debugging e.g. signatures can be equally painstaking.
>
> This is something actually that the ESAPI for PHP team is working on as an
> enhancement, to toot our own horns, as the first ESAPI team to publish an
> ESAPI adapter according to the extended factory design pattern as defined in
> the ESAPI design patterns doc.
>
> For whatever it's worth!
>
> Best,
>
> Mike
>
>
> On Thu, Jan 14, 2010 at 7:23 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> I'm getting ready to do an "ESAPI 1.4.x" sprint over the weekend in order
>> to increase the quality of this branch.
>>
>> I've heard a mix of great success stories with 1.4, as well as some very
>> frustrating challenges that are not easy to overcome.
>>
>> My tactical goals are:
>>
>> 1) Allow for programmatic disabling of the intrusion detector
>> 2) Do another pass at the log4j logger and back-port some of the 2.0
>> logging code to this branch. It needs it badly.
>> 3) Stop releasing 1.4.x as a jar! argh! The 1.4.2 release needs to be a
>> zip like the 2.0 branch where the property files are separated from the
>> jar.
>> 4) Double-check on
>> http://code.google.com/p/owasp-esapi-java/issues/detail?id=21 and close
>> it out.
>>
>> I start this sprint in less than 24 hours and will have it deployed for
>> the community before Monday.
>>
>> Any other thoughts?
>>
>> - Jim
>>
>>
>>
>> --
>> Jim Manico
>> OWASP Podcast Host/Producer
>> OWASP ESAPI Project Manager
>> http://www.manico.net
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>
>
>
> --
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
>