[OWASP-ESAPI] Shameless Blog Plug

Neil Matatall nmatatal at uci.edu
Thu Aug 6 14:26:39 EDT 2009


You hit the key point: "_if_ you know that there is a correct way":  
most developers don't know about this problem!  I definitely think 
adding a helper method is good both from a code clarity aspect as well 
as a way to encourage (and enlighten) developers who aren't doing this 
today.  We do have a growing util package...

Neil

Dan Cornell wrote:
>> I have been, and will continue to be talking about ESAPI on my
>> relatively new blog so it would be awesome to get everyone here over to
>> read and follow and comment and so forth and start building my blog's
>> footprint on the interwebz.
>>
>> You can check it out at http://yet-another-dev.blogspot.com
>>
>
> You made a great point that I've seen come up a couple of times recently
> in this post:
> <http://yet-another-dev.blogspot.com/2009/08/synchronizing-httpsession.html>
>
> Would it make sense to add an ESAPI method that would return:
>
> request.getSession().getId().intern()
>
> Perhaps a method like:
>
> getSessionSynchronizationObject()
>
> I'd need to re-review the API docs to see exactly where this might fit
> best, but that might be a way to promote the "correct" use of session
> synchronization.
>
> Of course, if you know that there is a "correct" way to do session
> synchronization, you probably already know how to do this and wouldn't
> need a helper method :)
>
> Thanks,
>
> Dan
>

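Added example, not part of the original thread and not ESAPI code: a sketch of the helper proposed above, used to guard a check-then-act on a session attribute so that two concurrent requests in the same session cannot each create a different token. The class name SessionSync, the attribute name and the token logic are assumptions made for illustration, and the code needs the javax.servlet API on the classpath.

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical helper class for illustration; ESAPI does not ship this.
public final class SessionSync {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumed attribute name, constructed for this example.
    private static final String TOKEN_ATTR = "example.csrfToken";

    private SessionSync() {}

    // The expression from the thread. String.intern() returns one canonical
    // String per distinct value in the JVM, so every request carrying the
    // same session id locks on the same monitor, even if the container
    // hands out a different HttpSession wrapper object per request.
    // Caveats: the lock only covers a single JVM, and any other code that
    // synchronizes on the same interned string shares this monitor.
    public static Object getSessionSynchronizationObject(HttpServletRequest request) {
        return request.getSession().getId().intern();
    }

    // Without the synchronized block, two parallel requests could both read
    // null and each store a different token, invalidating the other's form.
    public static String getOrCreateToken(HttpServletRequest request) {
        HttpSession session = request.getSession();
        synchronized (getSessionSynchronizationObject(request)) {
            String token = (String) session.getAttribute(TOKEN_ATTR);
            if (token == null) {
                byte[] raw = new byte[32];
                RNG.nextBytes(raw);
                token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.setAttribute(TOKEN_ATTR, token);
            }
            return token;
        }
    }
}
```
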
