[OWASP-ESAPI] introduction, grails

Bradley Beddoes bradleybeddoes at gmail.com
Mon Mar 9 17:56:36 EDT 2009

Hi,Firstly congratulation on the work being done with ESAPI, I've spent the
last few days going over lots of various pieces of documentation on your

Anyways after looking around at all the various pieces I had a few

* In some of the interfaces (Authenticator for example) there seems to be a
number of functions that imply a local store of user information
(chagePassword, createUser etc). This doesn't make much sense to me in an
enterprise situation using a central LDAP server or overall SSO system. What
is the advised approach in this situation? I was thinking just implement
these functions as a no-op, potentially throwing

* Has anybody done anything with integrating between ESAPI and Grails (
grails.org)? If so I'd be very happy to hear about your experiences, I'm
considering doing something in this space. The safe(er)HTTPFilter and
AccessReferenceMap in-particular seem pretty useful for apps being built
with grails.

Thanks for your time guys (and gals? :) ), appreciate it.


Catch me on Twitter: @bradleybeddoes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090310/121a43d7/attachment.html 

More information about the OWASP-ESAPI mailing list