[OWASP-ESAPI] ESAPI.NET - Allow custom actions

Paul Apostolescu apbogdan at gmail.com
Tue Aug 25 17:29:52 EDT 2009


All,
I think one useful extension point for ESAPI would be to change intrusion
detection actions from being predefined string values to objects
implementing a standard interface called IAction (for example). The
motivation is that sometimes you need to do more then just a simple logout -
for example you may want to trigger a more complex web sso logout.

 The default implementation will continue to have the already implemented
actions but wrapped as IAction instances, and it will also allow consumers
to add named custom actions at runtime - much like the validation rules and
codes are working today.

Let me know what you think.

Thanks
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090825/4d3933b9/attachment.html 


More information about the OWASP-ESAPI mailing list