[OWASP-ESAPI] ESAPI.NET - Allow custom actions
apbogdan at gmail.com
Tue Aug 25 17:29:52 EDT 2009
I think one useful extension point for ESAPI would be to change intrusion
detection actions from being predefined string values to objects
implementing a standard interface called IAction (for example). The
motivation is that sometimes you need to do more then just a simple logout -
for example you may want to trigger a more complex web sso logout.
The default implementation will continue to have the already implemented
actions but wrapped as IAction instances, and it will also allow consumers
to add named custom actions at runtime - much like the validation rules and
codes are working today.
Let me know what you think.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI