[Owasp-leaders] Question on Regex

McGovern, James F. (eBusiness) James.McGovern at thehartford.com
Wed Oct 14 11:43:59 EDT 2009


Having a debate with some developers and I wanted to understand if there
was any security perspectives that have merit when it comes to using
Regex. So, I noted that ESAPI for example, has a single properties file
where regex compilation happens in each validation action and not via
uber-singleton upfront compilation. Is this developer religion? 
************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20091014/e2e72662/attachment.html 


More information about the OWASP-Leaders mailing list