[Esapi-user] Database-based Authentication

Owen Berger owen.k.berger at gmail.com
Fri Jun 25 01:01:56 EDT 2010

Hello All,

I am a new developer and have a question about adapting a work-in-progress
website over to something that either uses the ESAPI library or its
principles in most aspects of the security. Are you the right people to ask?
If not, please don't read anything after this paragraph and please guide
me to the proper forum.

Thank you,

Owen Berger

My question, if this is the right place, concerns the Authenticator portion
of ESAPI, which seems to be interwoven in both session and user management.
My specific question is this, and sorry if it took a while to get here - is
there a Database-backed authentication mechanism out there, either by
library or example? I wish to use the ESAPI authenticator, but need one that
isn't defaulted to the FileBasedAuthenticator. Has this been done, or do I
simply need to adapt the FileBasedAuthenticator to a new class with my own
methods that interact with the database, and call something like
DBAuthenticator auth = DBAuthenticator.getInstance()? Should the
authenticator then call my own account class that implements the ESAPI User
Interface? I am concerned that in creating all my own stuff I will be
missing something, or is that the whole point, that ESAPI is just the
stepping stone? Thank you again if you read this far.