[OWASP-ESAPI] Question about Provider/Implementation architecture

Jim Manico jim.manico at owasp.org
Wed Aug 12 17:34:39 EDT 2009


And for what it's worth, I think it would be rather easy to do. We just need a master interface that excapsultates the functionality of the sub-providers that we already have, and then support...
ESAPI.addProvider(new com.your.company.ESAPI());Then when you implement com.your.company.ESAPI it will have to implement the master ESAPI interface....----- Original Message ----- 
  From: Jim Manico 
  To: owasp-esapi at lists.owasp.org 
  Cc: Boberski, Michael [USA] 
  Sent: Wednesday, August 12, 2009 11:25 AM
  Subject: Question about Provider/Implementation architecture


  Right now, each "piece" of ESAPI can have a different provider, like so.

  ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
  ESAPI.Encryptor=org.owasp.esapi.reference.JavaEncryptor
  ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
  ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
  ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
  ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
  #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
  ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
  ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator

  Mike Boberski from the OWASP ASVS project had a very interesting idea that seems reasonable to me. 

  Mike is proposing that we have a provider for the whole - like JCE does.

  Quoting Mike:

  "In my mind, an organization should be able to easily swap in and out their whole ESAPI. Coding to and managing different sets of pieces will be messy for a large application that is for example made up of several separate server applications of various types that have been integrated together. That's actually the scenario I'm facing with the PHP."

  What do you think, Gentlemen? Do you like this idea, and if so, what should it look like?

  - Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090812/3affef84/attachment.html 


More information about the OWASP-ESAPI mailing list