Jim Manico jim.manico at aspectsecurity.com
Mon Sep 22 21:03:10 EDT 2008



This is awesome. Thank you for your efforts in making ESAPI easier to work with.


> It is designed for those who wish to create their own implementations using only the ESAPI interfaces.



There are folks who are eager to see a more "drop in" version of ESAPI - in particular the encoder and validation functions.


Since the encoder functions do not require configuration, they are easy to "drop in." The Validation functions require regEx configuration file entries - and are not so easy to "drop in".


Would you consider adding the validation reference implementation with a "lite" version of the config file that only includes the few Validation config file entries? The new config-loading code that I wrote loads the config file on the classpath and could be packaged inside of the jar file for easy "drop in".


Is there anything else anyone would like to see in the "drop in/lite" version of ESAPI?


Thanks again for all your efforts, Kevin,



From: owasp-esapi-bounces at lists.owasp.org [mailto:owasp-esapi-bounces at lists.owasp.org] On Behalf Of Kevin Fealey
Sent: Thursday, September 18, 2008 4:44 PM
To: owasp-esapi at lists.owasp.org
Subject: [OWASP-ESAPI] ESAPI Updates


Hey everyone,

For the past few weeks, I've been trying to make ESAPI a little easier to use.  I've updated a lot of the Javadocs, especially the interfaces, to remove any inaccuracies involving parameters, return values, and exceptions.  For developers who choose not to use the available reference implementations in ESAPI, we will be adding more detailed information on each of the methods contained in the interfaces, so those who choose to write their own implementations will have a solid understanding of what is required in each method to make it as secure as possible.  The most up-to-date Javadocs are available here: http://owasp-esapi-java.googlecode.com/svn/trunk/javadoc/index.html

New build files were added to the SVN source as well as the source zips available for download on our Google Code page (http://code.google.com/p/owasp-esapi-java/downloads/list).  One build file will create a JAR file with everything necessary to use the ESAPI, including all reference implementations.  The second build file will create a JAR that does not contain any reference implementations.  It is designed for those who wish to create their own implementations using only the ESAPI interfaces.

The ESAPI Wiki has also undergone some changes.  It now contains more information regarding the ESAPI project, including links to download ESAPI, in both JAR and source zip form, links to the new ESAPI Javadocs, and explanations of how to build and use the ESAPI, as well as how to set up a development environment around ESAPI.  The ESAPI Wiki is located here: http://www.owasp.org/index.php/ESAPI

Lastly, efforts are underway to create an ESAPI demo app.  The demo is called the ESAPI Swingset and will demonstrate what ESAPI does and why it is so valuable.  An early beta version of Swingset is available here: http://www.owasp.org/index.php/ESAPI_Swingset

If anyone has any thoughts or suggestions, please let me know.


