[OWASP-ESAPI] Question about Provider/Implementation architecture

Jim Manico jim.manico at owasp.org
Wed Aug 12 17:34:39 EDT 2009

And for what it's worth, I think it would be rather easy to do. We just need a master interface that excapsultates the functionality of the sub-providers that we already have, and then support...
ESAPI.addProvider(new com.your.company.ESAPI());Then when you implement com.your.company.ESAPI it will have to implement the master ESAPI interface....----- Original Message ----- 
  From: Jim Manico 
  To: owasp-esapi at lists.owasp.org 
  Cc: Boberski, Michael [USA] 
  Sent: Wednesday, August 12, 2009 11:25 AM
  Subject: Question about Provider/Implementation architecture

  Right now, each "piece" of ESAPI can have a different provider, like so.


  Mike Boberski from the OWASP ASVS project had a very interesting idea that seems reasonable to me. 

  Mike is proposing that we have a provider for the whole - like JCE does.

  Quoting Mike:

  "In my mind, an organization should be able to easily swap in and out their whole ESAPI. Coding to and managing different sets of pieces will be messy for a large application that is for example made up of several separate server applications of various types that have been integrated together. That's actually the scenario I'm facing with the PHP."

  What do you think, Gentlemen? Do you like this idea, and if so, what should it look like?

  - Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090812/3affef84/attachment.html 

More information about the OWASP-ESAPI mailing list