From: vertigo <ve...@pa...> - 2002-06-19 16:30:06
Making this transparent to the average webdev is a little too much to ask. Also, making it "generic" is a little too much to ask for when considering the broad range of implementation languages available. Making something "generic" is oftentimes equivalent to simplification. I think rather than concentrating on how to make this as generic as possible, we make some decisions regarding the following:

1) Core features
2) Public Interface
3) Configuration
4) Signature Definition, Storage, and Loading
5) Rule/Policy Definition, Storage, and Loading
6) Reporting Framework
7) Compatibility (between implementations)

The Java version, for example, will be running in its own thread, and could possibly be accessed by several servlets many times throughout the lifecycle of the application server in which it is running. As are the servlets, it is conceivable that the filter could be loaded once--minimizing complex object construction, and have a fairly long lifecycle. This is due to the nature of the Java language and virtual machine.

This long-lifecycle approach, however, does not make sense in Perl, unless one uses Apache and mod_perl. While Java can afford fairly expensive instantiation, a Perl CGI cannot. Instantiation may be handled differently, if at all. It may not even be OO.

I think we should remember that there are fundamental architectural differences between implementation languages that cannot be generalized away into the aether. And rather than trying to fit square pegs into round holes, we should create prism-shaped containers for each peg and push these through triangular holes. (I kind of lost the metaphor at the end there, sorry.)

Nathan

On Tue, 18 Jun 2002, Steven J. Sobol wrote:

> On 18 Jun 2002, Gabriel Lawrence wrote:
>
> > So, I see the first step of this process being developing some simple
> > APIs that allow developers to start incorporating this stuff into their
> > applications. I think at this level it would be key to make this stuff
> > as generic as possible as the code will need to be ported to multiple
> > environments: Python, Java, PHP, Perl, C/C++, ColdFusion and so on...
>
> (Apologies for not making it to irc yesterday)
>
> I don't know how "generic" we'll be able to make the code...
>
> > And finally, we need to incorporate technology specific solutions into
> > the API so that we can become a layer of protection wrapped around the
> > technology supporting it where those technologies are weak or create
> > holes.
>
> Is our goal to make this stuff transparent to John Q. Webappdeveloper?
>
> --
> Steve Sobol, CTO JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET
> - I do my best work with one of my cockatiels sitting on each shoulder -
> 6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance
> stance towards abusive priests. The fact that 20% didn't, scares me...