From: <Chr...@ey...> - 2002-09-24 13:19:14

Mark,

I think a version of the Filters API implemented as a Servlet 2.3 Filter could be useful, and I have proposed such an implementation on this list in the past. It is something I will work on, but it may not be consistent with the approach we'll take at the outset, which is to create filters to be used at boundaries.

My thoughts about using an InterceptorFilter in this context are that it would allow web app administrators to take a declarative approach by mapping request parameters for specific web resources to specific API filter functions. That would mean scrubbing all the input before the Servlet sees it, which is a different approach from filtering at boundaries.

I apologize for the email format, but I'm sending this from my work email, as I do not have access to my other mail right now, and Lotus Notes does some annoying things I don't have any control over (the sig and formatting as HTML).

Chris

Mark Curphey <ma...@cu...>
Sent by: owa...@li...
09/22/2002 02:12 AM
Please respond to mark

To: owa...@li...
cc:
Subject: [Owasp-input-api-developers] Design Doc

I must have become unsubscribed for some reason so wasn't getting mail...sorry about that one.

Design doc looks pretty cool.

Did you decide on a 2nd initial language?

I see a great deal of C CGI still around. I saw Steve's PHP web mail app as well which might be cool.

In Java would the implementation be done using the Java Filters package (part of Servlet 2.3 spec)?

http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/Filter.html

I thought this was interesting as well

http://java.sun.com/blueprints/patterns/InterceptingFilter.html

_______________________________________________
Owasp-input-api-developers mailing list
Owa...@li...
https://lists.sourceforge.net/lists/listinfo/owasp-input-api-developers

________________________________________________________________________
The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Ernst & Young LLP

From: Mark C. <ma...@cu...> - 2002-09-24 14:15:07

Cheers.

On Tue, 2002-09-24 at 06:27, Chr...@ey... wrote:
> Mark,
>
> I think a version of the Filters API implemented as a Servlet 2.3 Filter
> could be useful, and I have proposed such an implementation on this list
> in the past. It is something I will work on, but it may not be consistent
> with the approach we'll take at the outset, which is to create filters to
> be used at boundaries.

Just my 2 cents worth but I would suggest you chat to the PM (Gabe) and tech lead (Alex) to ensure it's in unison with what's been mutually agreed on, to ensure inclusion with the project release files.

>
> My thoughts about using an InterceptorFilter in this context are that it
> would allow web app administrators to take a declarative approach by
> mapping request parameters for specific web resources to specific API
> filter functions. That would mean scrubbing all the input before the
> Servlet sees it, which is a different approach from filtering at
> boundaries.
>
> I apologize for the email format, but I'm sending this from my work email,
> as I do not have access to my other mail right now, and Lotus Notes does
> some annoying things I don't have any control over (the sig and formatting
> as HTML).
>
> Chris

From: Alex R. <al...@ne...> - 2002-09-24 15:14:33

On Tuesday 24 September 2002 02:14, Mark Curphey wrote:
> Cheers.
>
> On Tue, 2002-09-24 at 06:27, Chr...@ey... wrote:
> > Mark,
> >
> > I think a version of the Filters API implemented as a Servlet 2.3 Filter
> > could be useful, and I have proposed such an implementation on this list
> > in the past. It is something I will work on, but it may not be
> > consistent with the approach we'll take at the outset, which is to create
> > filters to be used at boundaries.
>
> Just my 2 cents worth but I would suggest you chat to the PM (Gabe) and
> tech lead (Alex) to ensure it's in unison with what's been mutually agreed
> on, to ensure inclusion with the project release files.

I don't think that putting a filter in a Servlet Filter is a bad idea, but I think that we should recognize that it's only going to cover one boundary. That being the case, I'm all for things that make our tools easier to integrate for developers.

--
Alex Russell
al...@Se...
al...@ne...

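A sketch of the declarative Servlet Filter idea discussed in the messages above, added here as an illustration and not code from the thread or from the OWASP project. The class name `ParamRuleFilter` and the `path:param` init-param convention are hypothetical, a regular-expression allow-list stands in for the project's filter functions (it rejects rather than scrubs), and it assumes the `javax.servlet` API (3.0 or later) on Java 8.

```java
import java.io.IOException;
import java.util.*;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter. Each <init-param> in web.xml is one rule:
//   param-name  = "<servletPath>:<parameterName>", e.g. "/login:username"
//   param-value = allow-list regex the whole value must match, e.g. "[A-Za-z0-9_]{1,32}"
public class ParamRuleFilter implements Filter {
    // servletPath -> (parameter name -> pattern)
    private final Map<String, Map<String, Pattern>> rules = new HashMap<>();

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        for (Enumeration<String> e = cfg.getInitParameterNames(); e.hasMoreElements();) {
            String key = e.nextElement();
            int sep = key.lastIndexOf(':');
            if (sep <= 0 || sep == key.length() - 1)
                throw new ServletException("bad rule key: " + key); // fail closed at startup
            rules.computeIfAbsent(key.substring(0, sep), p -> new HashMap<>())
                 .put(key.substring(sep + 1), Pattern.compile(cfg.getInitParameter(key)));
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req; // HTTP deployments only
        Map<String, Pattern> forPath =
            rules.getOrDefault(http.getServletPath(), Collections.emptyMap());
        for (Map.Entry<String, Pattern> rule : forPath.entrySet()) {
            String[] values = http.getParameterValues(rule.getKey());
            if (values == null) continue; // absent parameter: left to the servlet to handle
            for (String v : values) {     // check every occurrence, not only the first
                if (!rule.getValue().matcher(v).matches()) {
                    ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_BAD_REQUEST, "invalid parameter");
                    return;               // the servlet never sees the request
                }
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {}
}
```

Paths with no rule pass through unchecked, and only HTTP request parameters are covered; headers, cookies, and data crossing other boundaries still need their own checks, which is the single-boundary limitation raised in the thread.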
From: Gabriel L. <ga...@bu...> - 2002-09-24 16:34:52

On Tue, 2002-09-24 at 00:14, Mark Curphey wrote:
> Cheers.
>
> On Tue, 2002-09-24 at 06:27, Chr...@ey... wrote:
> > Mark,
> >
> > I think a version of the Filters API implemented as a Servlet 2.3 Filter
> > could be useful, and I have proposed such an implementation on this list
> > in the past. It is something I will work on, but it may not be consistent
> > with the approach we'll take at the outset, which is to create filters to
> > be used at boundaries.
>
> Just my 2 cents worth but I would suggest you chat to the PM (Gabe) and
> tech lead (Alex) to ensure it's in unison with what's been mutually agreed
> on, to ensure inclusion with the project release files.

The idea that Alex and I had discussed in the past was that of a layered approach. That being that the first bit of work we do was more nuts and bolts, and then this could be used to make a more plug and play solution a la servlet filters... So it's not out of sync necessarily with what we want to do, but what we are really after is making first tools and then solutions...

-gabe

--
Gabriel Lawrence
CTO
Butterfly Security <www.butterflysecurity.com>
(408) 333-9948
ga...@bu...

From: Mark C. <ma...@cu...> - 2002-09-24 16:45:24

Cool, just making sure things didn't stray like they did again ;-)

---- Gabriel Lawrence <ga...@bu...> wrote:
> On Tue, 2002-09-24 at 00:14, Mark Curphey wrote:
> > Cheers.
> >
> > On Tue, 2002-09-24 at 06:27, Chr...@ey... wrote:
> > > Mark,
> > >
> > > I think a version of the Filters API implemented as a Servlet 2.3 Filter
> > > could be useful, and I have proposed such an implementation on this list
> > > in the past. It is something I will work on, but it may not be consistent
> > > with the approach we'll take at the outset, which is to create filters to
> > > be used at boundaries.
> >
> > Just my 2 cents worth but I would suggest you chat to the PM (Gabe) and
> > tech lead (Alex) to ensure it's in unison with what's been mutually agreed
> > on, to ensure inclusion with the project release files.
>
> The idea that Alex and I had discussed in the past was that of a layered
> approach. That being that the first bit of work we do was more nuts and
> bolts, and then this could be used to make a more plug and play solution
> a la servlet filters... So it's not out of sync necessarily with what we
> want to do, but what we are really after is making first tools and then
> solutions...
>
> -gabe
>
> --
> Gabriel Lawrence
> CTO
> Butterfly Security <www.butterflysecurity.com>
> (408) 333-9948
> ga...@bu...