Menu
▾
▴
owasp-input-api-developers
|
From: Christopher T. <ch...@ch...> - 2002-08-27 22:42:47
|
> I spoke with Gabe this afternoon and it was agreed that we're going to > use Java as one of the 2 inital development languages. +1 > Our thinking is that it'll be much easier for us to > be conscious of cross-language development problems if we force > ourselves to develop for at least 2 very different languages right off > the bat. Makes sense to me, so long as everyone goes into this understanding that one of our goals is to be flexible and try to work out these issues. I think our discussion about the testing tool/framework is a good example of how we all have different biases, *which is a Good Thing*, but to succeed, we all need to understand that the Perl folks have it right in that "There is more than one way to do it." :-) > Current thinking is that we might use one of the following: > > * PHP > * Python > * Perl > * C I would argue for Perl. It's popular, very different from Java, and we have Perl developers on this list. > As a final note, expect something vaguely resembling a "design document" > from me by sometime tomorrow afternoon. At the very minimum it will > outline our design philosophy (probably stolen from the vision doc), as > well as technical specifics of how things will be built. Perhaps some > sample usage semantics will be presented. Once I post it, we'll kick it > around a bit before we start coding, but that shouldn't take more than a > couple of days (end of week?). Sounds good to me. Q: Given that the vision doc is high-level, will the "design doc" be, in essence, a requirements doc? WE've already have several conversations relating to requirements; perhaps we could start by pulling all those comments together for discussion? Chris |
|
From: Christopher T. <ch...@ch...> - 2002-08-28 23:21:59
|
> Is there going to be a requirments document for the testing tool and > framework written also? I assume the tool will be written in perl. I had not intended to write a reqs doc for the testing tool, since it is essentially finished. I want to tweak one or two things, but it's essentially ready. The tool is pretty simple - it reads a config file with test input, posts to a web page (php, jsp, asp, whatever), grabs what the server sends back, and compares it to the expected output. Sometime in the next day or so I'll post it to the web someplace where people can download it, try it, and tell me whether it sucks or rocks. If the general consensus is that it is useful and fairly unobtrusive (or at least that it doesn't suck), I'll put it into CVS. Chris |
|
From: Alex R. <al...@se...> - 2002-08-28 23:34:48
|
On Wed, 28 Aug 2002, Christopher Todd wrote: > I had not intended to write a reqs doc for the testing tool, since it is > essentially finished. Great! > I want to tweak one or two things, but it's > essentially ready. The tool is pretty simple - it reads a config file with > test input, posts to a web page (php, jsp, asp, whatever), grabs what the > server sends back, and compares it to the expected output. > > Sometime in the next day or so I'll post it to the web someplace where > people can download it, try it, and tell me whether it sucks or rocks. If > the general consensus is that it is useful and fairly unobtrusive (or at > least that it doesn't suck), I'll put it into CVS. Sounds wonderful. Thanks so much for getting that done. -- Alex Russell al...@Se... al...@ne... |
|
From: Christopher T. <ch...@ch...> - 2002-08-28 23:54:52
|
Matt, > Perl or PHP, if we want to take a "popular" route. IMO PHP developers > are in much more need of this -- at least the perl developers have -t. > > That being said, I think the PHP version will be good for gauging how > well the generally [security] clueless majority will accept this. > > As far as C, I agree with Nik that its not used very much and it will be > a lot more difficult to implement. Personally, I feel anyone still > using C, at least for frontends, is a masochist. No reason for that > kind of power (and danger!) to be used for a web app. > > Python itself should be an easy jump from the Java, perl or python > routes -- I don't think it will be very difficult to implement it in > python. All good points. I agree about Python and C. I originally voted for Perl, but PHP should work just as well for testing the cross-language development waters. Chris |
|
From: Steven J. S. <sj...@Ju...> - 2002-09-05 18:46:01
|
Again... Anyone out there? -- Steve Sobol, CTO JustThe.net LLC, Mentor On The Lake, OH http://JustTheNetLLC.com/ http://JustThe.net/ 888.480.4NET (4638) Happily owned by a wife, two children, two cockatiels, four Chinese Shar-Pei, a Pug, a Whippet, a rescued Greyhound, and a rescued Chow. :) |
|
From: Alex R. <al...@se...> - 2002-09-05 19:05:34
|
On Thu, 5 Sep 2002, Steven J. Sobol wrote: > > Again... > > Anyone out there? yeah, sorry, just massively busy. I'll have status for you later this afternoon -- Alex Russell al...@Se... al...@ne... |
|
From: Nik C. <ni...@ni...> - 2002-08-28 09:09:56
|
On Tue, 27 Aug 2002, Christopher Todd wrote: > > I spoke with Gabe this afternoon and it was agreed that we're going to > > use Java as one of the 2 inital development languages. > > +1 > > > Our thinking is that it'll be much easier for us to > > be conscious of cross-language development problems if we force > > ourselves to develop for at least 2 very different languages right off > > the bat. > > Makes sense to me, so long as everyone goes into this understanding that one > of our goals is to be flexible and try to work out these issues. I think > our discussion about the testing tool/framework is a good example of how we > all have different biases, *which is a Good Thing*, but to succeed, we all > need to understand that the Perl folks have it right in that "There is more > than one way to do it." :-) > > > Current thinking is that we might use one of the following: > > > > * PHP > > * Python > > * Perl > > * C > > I would argue for Perl. It's popular, very different from Java, and we have > Perl developers on this list. I would have to vote for PHP, since I am not confident enough with Perl or Java to write anything very serious, and do not understand the full scope of either language. I am currently doing a lot of PHP work and could easily justify developing PHP filters during work time, and could start on it ASAP. Filters for C are going to be very different to the other languages, since it is a lower level language with its own issues. For full filter functionality in C you will probably find yourself re-writting (or writting wrappers for) a lot of the existing libc functions. How popular is C in web apps nowadays anyway? Is there going to be a requirments document for the testing tool and framework written also? I assume the tool will be written in perl. -Nik |
|
From: Matt W. <wi...@ce...> - 2002-08-28 23:46:04
|
On Tue, 2002-08-27 at 17:32, Christopher Todd wrote: [...] > > Our thinking is that it'll be much easier for us to > > be conscious of cross-language development problems if we force > > ourselves to develop for at least 2 very different languages right off > > the bat. > > Makes sense to me, so long as everyone goes into this understanding that one > of our goals is to be flexible and try to work out these issues. I think > our discussion about the testing tool/framework is a good example of how we > all have different biases, *which is a Good Thing*, but to succeed, we all > need to understand that the Perl folks have it right in that "There is more > than one way to do it." :-) > > > Current thinking is that we might use one of the following: > > > > * PHP > > * Python > > * Perl > > * C > > I would argue for Perl. It's popular, very different from Java, and we have > Perl developers on this list. Perl or PHP, if we want to take a "popular" route. IMO PHP developers are in much more need of this -- at least the perl developers have -t. That being said, I think the PHP version will be good for gauging how well the generally [security] clueless majority will accept this. As far as C, I agree with Nik that its not used very much and it will be a lot more difficult to implement. Personally, I feel anyone still using C, at least for frontends, is a masochist. No reason for that kind of power (and danger!) to be used for a web app. Python itself should be an easy jump from the Java, perl or python routes -- I don't think it will be very difficult to implement it in python. -matt -- Matthew Wirges Developer, CERIAS Incident Response Database wi...@ce... Credo quia absurdum est. |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X