[Esapi-user] Esapi-user Digest, Vol 20, Issue 12
dan at denimgroup.com
Thu Jul 28 11:08:17 EDT 2011
I'll do you one better and send you a patch. Bigger question is where else does this guidance need to go?
On Jul 28, 2011, at 9:52 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
I agree Dan, we really need stronger javadoc language here. Can you please register a bug on google code for this and assign to me? I'll handle it as soon as I can.
- Jim Manico
On Jul 28, 2011, at 8:33 AM, Dan Cornell <dan at denimgroup.com> wrote:
I agree 100%, Jeff. All encoders are important for intrusion detection and canonicalization. I was *only* commenting on my desire to see devs use query parameterization over manual encoding.
Sorry for the mix up.
What is the best way to communicate that to developers so that the Codecs aren’t misused? The Javadocs for the database codecs could be updated and that might help. Any other ideas?