From: Steven J. S. <sj...@Ju...> - 2002-06-19 16:48:17
On Wed, 19 Jun 2002, vertigo wrote:

> Making this transparent to the average webdev is a little too much to ask.
> Also, making it "generic" is a little too much to ask for when considering
> the broad range of implementation languages available.

That was going to be the next point I made.

> Making something
> "generic" is often times equivalent to simplification. I think rather
> than concentrating on how to make this generic as possible, we make some
> decisions regarding the following:
>
> 1) Core features
> 2) Public Interface
> 3) Configuration
> 4) Signature Definition, Storage, and Loading
> 5) Rule/Policy Definition, Storage, and Loading
> 5) Reporting Framework
> 6) Compatibility (between implementations)

Within 4 and 5 I'd think we need to subclassify for the different types of
exploits - SQL injection, XSS, etc.

> The Java version, for example, will be running in its own thread, and
> could possibly be accessed by several servlets many times throughout
> the lifecycle of the application server in which it is running.

Same with the PHP module, if we do this project as a PHP extension.

> This long lifecycle, approach, however, does not make sense in Perl,
> unless one uses Apache and mod_perl. While Java can afford fairly
> expensive instantiation, a Perl CGI cannot. Instantiation may be
> handled differently, if at all. It may not even be OO.

Why not?

--
Steve Sobol, CTO JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET
- I do my best work with one of my cockatiels sitting on each shoulder -
6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance
stance towards abusive priests. The fact that 20% didn't, scares me...