[Esapi-user] Esapi-user Digest, Vol 20, Issue 12

Jim Manico jim.manico at owasp.org
Thu Jul 28 19:09:56 EDT 2011


Good deal, Dan :) After I get this patch I'll poke around and see where else
I can add this info.

Thanks all,
- Jim Manico

On Jul 28, 2011, at 10:08 AM, Dan Cornell <dan at denimgroup.com> wrote:

I'll do you one better and send you a patch. Bigger question is where else
does this guidance need to go?

Thanks

Dan


Sent from my iPhone

On Jul 28, 2011, at 9:52 AM, "Jim Manico" <jim.manico at owasp.org> wrote:

I agree Dan, we really need stronger javadoc language here. Can you please
register a bug on google code for this and assign to me?  I'll handle it as
soon as I can.

- Jim Manico

On Jul 28, 2011, at 8:33 AM, Dan Cornell < <dan at denimgroup.com>
dan at denimgroup.com> wrote:

I agree 100%, Jeff. All encoders are important for intrusion detection and
canonicalization. I was •only• commenting on my desire to see dev's use
query parameterization over manual encoding.



Sorry for the mix up.



What is the best way to communicate that to developers so that the Codecs
aren’t misused?  The Javadocs  for the database codecs could be updated and
that might help.  Any other ideas?



Thanks,



Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110728/be47e5fa/attachment.html 


More information about the Esapi-user mailing list