[OWASP-ESAPI] Any codec for Sybase?

Chris Schmidt chrisisbeef at gmail.com
Fri Sep 17 14:52:54 EDT 2010


I just want to clarify the use-case for the database encoders. It is not
common that these should be used in lieu of a parameterized query; however,
there is a business case for them in situations where you may be running a
series of dynamically built statements that have a large number of
parameters in them. PreparedStatements, as they become more and more complex,
can actually degrade the performance of a system in comparison to String
concatenation. This is a pretty far out edge case for most applications, but
I have seen applications which process on the order of 10K transactions per
minute using PreparedStatements choke.

To the best of my knowledge this is the only real-world business case for
using the Encoders instead of a PreparedStatement.

That being said, it seems like this is a good candidate for a collection of
contribs - with Encoding potentially becoming part of the core API
functionality, it would be great to allow additional Encoders to be loaded
into the API *easily*.



On Fri, Sep 17, 2010 at 11:36 AM, Dave Wichers <dave.wichers at owasp.org> wrote:

> Not that I know of. We need a number of database codecs for ESAPI.
>
>
>
> Care to write and contribute one? They aren’t that hard at all. I actually
> saw the code for a Sybase codec but it was proprietary to my customer so I
> couldn’t just grab it and contribute it, but it was pretty darn simple.
>
>
>
> Anyone out there on the ESAPI lists want to contribute any database codecs
> for ESAPI? These would be very small contributions but very welcome. In
> fact, I suspect some of you already have these codecs lying around in your
> implementations. And all you’d have to do is extract them and get permission
> to release them to us.
>
>
>
> I know we need a number of them for popular databases such as:
>
>    - SQL Server (Microsoft)
>    - PostgreSQL (Postgres)
>    - Transact-SQL (Sybase)
>    - DB2 (IBM)
>
> But there are many others as well.
>
>
>
> -Dave
>
>
>
> *From:* owasp-esapi-bounces at lists.owasp.org [mailto:
> owasp-esapi-bounces at lists.owasp.org] *On Behalf Of *Vasten
> *Sent:* Thursday, September 16, 2010 9:17 PM
> *To:* owasp-esapi at lists.owasp.org
> *Subject:* [OWASP-ESAPI] Any codec for Sybase?
>
>
>
> Hi:
> I see codecs for Oracle and MySQL, is there one for Sybase?
>
> Thanks,
> keith


-- 
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html
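
The kind of encoder discussed in this thread, as an added example that is not part of the original messages and is not ESAPI code: a quote-doubling encoder for values placed inside a single-quoted Transact-SQL string literal, with a check that the result is still one literal. The class, method and table names are hypothetical, the sample values are constructed, and the encoder covers only single-quoted string literals, not numeric or identifier contexts.

```java
// Added illustration, not ESAPI code: all class and method names are hypothetical.
public class SybaseLiteralSketch {

    // Assumption: the value lands inside a single-quoted T-SQL string literal,
    // where the single quote is escaped by doubling it.
    static String encode(String input) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            out.append(c == '\'' ? "''" : String.valueOf(c));
        }
        return out.toString();
    }

    // True when `literal` is exactly one quoted string: it starts and ends with
    // a quote and every quote in between is part of a doubled pair.
    static boolean isSingleLiteral(String literal) {
        int n = literal.length();
        if (n < 2 || literal.charAt(0) != '\'' || literal.charAt(n - 1) != '\'') {
            return false;
        }
        for (int i = 1; i < n - 1; i++) {
            if (literal.charAt(i) == '\'') {
                if (i + 1 >= n - 1 || literal.charAt(i + 1) != '\'') {
                    return false; // lone quote would end the literal early
                }
                i++; // skip the second quote of the pair
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String[] samples = { "Smith", "O'Brien", "'", "it''s" };
        for (String s : samples) {
            String naive = "'" + s + "'";
            String encoded = "'" + encode(s) + "'";
            System.out.printf("%-10s naive ok=%-5b encoded ok=%-5b %s%n",
                    s, isSingleLiteral(naive), isSingleLiteral(encoded),
                    "SELECT id FROM customers WHERE last_name = " + encoded);
            if (!isSingleLiteral(encoded)) {
                throw new AssertionError("encoder let a quote escape: " + s);
            }
        }
    }
}
```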