[Owasp-leaders] Generating Passwords Hopw

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Wed Jan 21 09:58:09 EST 2009


Is there merit in doing the same type of activity with the Ruby
community?

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jeff
Williams
Sent: Tuesday, January 20, 2009 11:39 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Generating Passwords Hopw

Hi,

I have been working with Sun and the rest of the Servlet team to get
some better security into the Java Servlet 3.0 specification for the
last year or so. While it has been interesting and somewhat productive,
it is *extremely* difficult to get them to acknowledge the idea that
their APIs need to change for security. I heard every excuse you can
think of (compatibility, performance, usability, complexity, insanity,
etc...). Anyway, while I think the goal is good, I'm not optimistic
about the prospects for just "providing feedback."  I'm leaning towards
the ESAPI approach of providing safe wrappers or replacements for unsafe
methods.

--Jeff


