[OWASP-ESAPI] introduction, grails

Bradley Beddoes bradleybeddoes at gmail.com
Mon Mar 9 17:56:36 EDT 2009


Hi,

Firstly, congratulations on the work being done with ESAPI; I've spent the
last few days going over lots of various pieces of documentation on your
website.

Anyways after looking around at all the various pieces I had a few
questions:

* In some of the interfaces (Authenticator for example) there seems to be a
number of functions that imply a local store of user information
(changePassword, createUser etc). This doesn't make much sense to me in an
enterprise situation using a central LDAP server or overall SSO system. What
is the advised approach in this situation? I was thinking just implement
these functions as a no-op, potentially throwing
AuthenticationException<http://owasp-esapi-java.googlecode.com/svn/trunk_doc/org/owasp/esapi/errors/AuthenticationException.html>

* Has anybody done anything with integrating between ESAPI and Grails (
grails.org)? If so I'd be very happy to hear about your experiences, I'm
considering doing something in this space. The safe(er)HTTPFilter and
AccessReferenceMap in particular seem pretty useful for apps being built
with grails.

Thanks for your time guys (and gals? :) ), appreciate it.

regards,
Bradley

Catch me on Twitter: @bradleybeddoes