[OWASP-ESAPI] ESAPI.NET - Allow custom actions
chrisisbeef at gmail.com
Tue Aug 25 22:20:57 EDT 2009
I think this would be a great addition. The main contention point I see here
is the configuration element. I have never been a fan of obese properties
files, or properties files in general when referring to classes. It makes
debugging and tracing code difficult in an age where IDE's have made it
easy. If we were to implement something like this, I would think that we
would want to make it something that could be configured either
programmatically or with a properties/xml file. That way, people could make
the choice of how to configure their application according to their own
in-house best practices and code conventions.
On Tue, Aug 25, 2009 at 3:29 PM, Paul Apostolescu <apbogdan at gmail.com>wrote:
> I think one useful extension point for ESAPI would be to change intrusion
> detection actions from being predefined string values to objects
> implementing a standard interface called IAction (for example). The
> motivation is that sometimes you need to do more then just a simple logout -
> for example you may want to trigger a more complex web sso logout.
> The default implementation will continue to have the already implemented
> actions but wrapped as IAction instances, and it will also allow consumers
> to add named custom actions at runtime - much like the validation rules and
> codes are working today.
> Let me know what you think.
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI