[OWASP-ESAPI] Any codec for Sybase?
chrisisbeef at gmail.com
Fri Sep 17 14:52:54 EDT 2010
I just want to clarify the use-case for the database encoders. It is not
common that these should be used in lieu of a parameterized query, however -
there is a business case for them in situations where you may be running a
series of dynamically built statements that have a large amount of
parameters in them. PreparedStatements as they become more and more complex
can actually degrade the performance of a system in comparison to String
concatenation. This is a pretty far out edge case for most applications, but
I have seen applications which process on the order of 10K transactions per
minute using PreparedStatements choke.
To the best of my knowledge this is the only real-world business case for
using the Encoders instead of a PreparedStatement.
That being said, it seems like this is a good candidate for a collection of
contribs - with Encoding potentially becoming part of the core API
functionality, it would be great to allow additional Encoders to be loaded
into the API *easily*
On Fri, Sep 17, 2010 at 11:36 AM, Dave Wichers <dave.wichers at owasp.org>wrote:
> Not that I know of. We need a number of database codecs for ESAPI.
> Care to write and contribute one? They aren’t that hard at all. I actually
> saw the code for a Sybase codec but it was proprietary to my customer so I
> couldn’t just grab it and contribute it, but it was pretty darn simple.
> Anyone out there on the ESAPI lists want to contribute any database codecs
> for ESAPI? These would be very small contributions but very welcomed. In
> fact, I suspect some of you already have these codecs lying around in your
> implementations. And all you’d have to do is extract them and get permission
> to release them to us.
> I know we need a number of them for popular databases such as:
> - SQL Server (Microsoft)
> - PostgreSQL (Postgres)
> - Transact-SQL (Sybase)
> - DB2 (IBM)
> But there are many others as well.
> *From:* owasp-esapi-bounces at lists.owasp.org [mailto:
> owasp-esapi-bounces at lists.owasp.org] *On Behalf Of *Vasten
> *Sent:* Thursday, September 16, 2010 9:17 PM
> *To:* owasp-esapi at lists.owasp.org
> *Subject:* [OWASP-ESAPI] Any codec for Sybase?
> I see codecs for Oracle and MySQL, is there one for Sybase?
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
OWASP ESAPI Developer
Check out OWASP ESAPI for Java
Yet Another Developers Blog
Bio and Resume
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI