Re^4: :OWASP ESAPI Implementation for Perl?

Hi - ESAPI isn't attempting any magic. We believe developers need to have a set of strong simple security controls available, and so we created an API and a reference implementation. We can't do the impossible, so there's only limited support for verifying URLs. However, there are lots of controls that you might find useful, including validation, canonicalization, encoding, encryption, authentication, access control, logging, random numbers, etc...

Comment on Re^4: :OWASP ESAPI Implementation for Perl?

Replies are listed 'Best First'.
Re^5: :OWASP ESAPI Implementation for Perl? by BrowserUk (Patriarch) on Dec 20, 2010 at 04:47 UTC
We can't do the impossible, so there's only limited support for verifying URLs. Could you explain exactly what verification you do do? With examples of url's that would fail your verification? Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice.	[reply]

Replies are listed 'Best First'.

Re^5: :OWASP ESAPI Implementation for Perl?
by BrowserUk (Patriarch) on Dec 20, 2010 at 04:47 UTC

We can't do the impossible, so there's only limited support for verifying URLs.

Could you explain exactly what verification you do do? With examples of url's that would fail your verification?

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

[reply]