ESAPI Framework Strategy

From OWASP
Revision as of 09:40, 11 December 2008 by Monzillo (Talk | contribs)


The ESAPI should:

be defined such that frameworks, including containers, can use it on behalf of applications (unless the nature of the functionality is such that it can only work from the application). Put another way, the API should be compatible with inversion of control (IoC);

share the representations of authentication state employed by the underlying framework or runtime environment;

leverage the access control primitives (e.g., Java permissions) employed by the underlying framework or runtime environment.
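
The three goals above, sketched in Java as an added example; this is not ESAPI code. The names AccessGate, ContainerGate, ReportPermission and ReportService are hypothetical, and the Subject built in main is a constructed stand-in for the one a container would establish at login.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Principal;
import javax.security.auth.Subject;

public class FrameworkStrategyDemo {
    // Hypothetical security interface: the application depends only on this type.
    interface AccessGate { boolean isAuthorized(Subject caller, Permission needed); }

    // Hypothetical permission built on the platform primitive (wildcards via BasicPermission).
    static final class ReportPermission extends BasicPermission {
        ReportPermission(String name) { super(name); }
    }

    // Framework-side implementation: consumes the runtime's own authentication
    // state (a JAAS Subject) and evaluates ordinary java.security.Permission objects.
    static final class ContainerGate implements AccessGate {
        private final String role;
        private final Permissions granted = new Permissions();
        ContainerGate(String role, Permission... perms) {
            this.role = role;
            for (Permission p : perms) granted.add(p);
        }
        public boolean isAuthorized(Subject caller, Permission needed) {
            if (caller == null) return false;            // no authentication state: deny
            for (Principal p : caller.getPrincipals())
                if (role.equals(p.getName()) && granted.implies(needed)) return true;
            return false;                                // default deny
        }
    }

    // Application component: the gate is injected, never looked up or constructed here.
    static final class ReportService {
        private final AccessGate gate;
        ReportService(AccessGate gate) { this.gate = gate; }
        String read(Subject caller, String report) {
            if (!gate.isAuthorized(caller, new ReportPermission("report." + report)))
                throw new SecurityException("access denied: report." + report);
            return "contents of " + report;
        }
    }

    public static void main(String[] args) {
        Subject auditor = new Subject();                 // constructed sample identity
        auditor.getPrincipals().add(() -> "auditor");
        ReportService svc = new ReportService(           // wiring done by the "container"
            new ContainerGate("auditor", new ReportPermission("report.*")));
        System.out.println(svc.read(auditor, "q3"));
        try { svc.read(new Subject(), "q3"); }           // authenticated as nobody
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because ReportService never constructs its own gate or its own notion of a user, a container can substitute its real policy and login state without changes to application code.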