[OWASP-ESAPI] Question about Provider/Implementation architecture

Rogan Dawes lists at dawes.za.net
Wed Aug 12 18:05:57 EDT 2009

Jim Manico wrote:
> And for what it's worth, I think it would be rather easy to do. We just
> need a master interface that excapsultates the functionality of the
> sub-providers that we already have, and then support...
> *ESAPI.addProvider(new com.your.company.ESAPI());*
> Then when you implement *com.your.company.ESAPI* it will have to implement the master ESAPI interface....

How is this different to (better than) the current:

ESAPI.setEncoder(new com.yourcompany.Encoder());

for the bits you actually want to implement yourself?

all addProvider would do is:

public void addProvider(Provider provider) {

but provider would have to have implementations for EVERY ESAPI
interface, even those where you just want to use the reference.

Doesn't seem like an improvement to me.


More information about the OWASP-ESAPI mailing list