[Owasp-leaders] Generating Passwords Hopw

Stephen de Vries stephen at twisteddelight.org
Wed Jan 21 10:33:07 EST 2009


I think trying to get web security issues addressed in the servlet
spec is aiming at too low a level.  You might have better luck with
web framework projects instead.  Similarly with Ruby, the language
itself is too low level, but getting security features added to the
Rails framework might be more feasible.


On Jan 21, 2009, at 3:58 PM, McGovern, James F (HTSC, IT) wrote:

> Is there merit in doing the same type of activity with the Ruby
> community?
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jeff
> Williams
> Sent: Tuesday, January 20, 2009 11:39 PM
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] Generating Passwords Hopw
>
> Hi,
>
> I have been working with Sun and the rest of the Servlet team to get
> some better security into the Java Servlet 3.0 specification for the
> last year or so. While it has been interesting and somewhat productive,
> it is *extremely* difficult to get them to acknowledge the idea that
> their APIs need to change for security. I heard every excuse you can
> think of (compatibility, performance, usability, complexity, insanity,
> etc...). Anyway, while I think the goal is good, I'm not optimistic
> about the prospects for just "providing feedback."  I'm leaning towards
> the ESAPI approach of providing safe wrappers or replacements for unsafe
> methods.
>
> --Jeff


