Ben Poweski
2004-06-27 18:38:45 UTC
Squeaky new gmail account (now on mailing list :) ).
---------- Forwarded message ----------
From: Ben Poweski <bpoweski at gmail.com>
Date: Sun, 27 Jun 2004 01:13:32 -0500
Subject: OWASP Stuff
To: jeff.williams at aspectsecurity.com, mark at curphey.com
Cc: david.raphael at ceterum.net
Hey guys,
I've made some great progress this weekend on the cms templates for
our site. The integration efforts are going well. David and I have
come up with a way of using jaas policy files for security enforcement
in the portal (rather than rolling our own role/user stuff like
everyone else). Gauging from what I see on google, most people don't
seem to understand the power behind JAAS as it is a framework not
necessarily a complete implementation of a security strategy. Once we
get a bit farther, I would like to hear what everyone else thinks
about it.
Everyone might want to check out http://www.apache.org/foundation/, I
found it interesting they name VPs for all of their projects. Since
we are a corporation, something like that might be well suited for the
project leaders?
We need to get a plan together on setting up the machines we have.
What is the current status of the boxes and load balancers?
I'm getting to the point where i'd like to deploy a version of the
portal with magnolia so people can start playing with it, and I can
get their feedback on what types of additional templates we'll need.
Also, I think our project members should have owasp business cards
since we moving towards an organized entity rather than a bunch of
open source hax0rs.
Thoughts?
Things I have slated for my next few months in owasp:
Finalize portal integration with magnolia
Update oPortal unit tests
Additional CMS templates
New site content for oPortal
Configuration of the deployment environment for our production servers
Additional lower priority items:
JIRA implementation
Cheers
-Ben
---------- Forwarded message ----------
From: Ben Poweski <bpoweski at gmail.com>
Date: Sun, 27 Jun 2004 01:13:32 -0500
Subject: OWASP Stuff
To: jeff.williams at aspectsecurity.com, mark at curphey.com
Cc: david.raphael at ceterum.net
Hey guys,
I've made some great progress this weekend on the cms templates for
our site. The integration efforts are going well. David and I have
come up with a way of using jaas policy files for security enforcement
in the portal (rather than rolling our own role/user stuff like
everyone else). Gauging from what I see on google, most people don't
seem to understand the power behind JAAS as it is a framework not
necessarily a complete implementation of a security strategy. Once we
get a bit farther, I would like to hear what everyone else thinks
about it.
Everyone might want to check out http://www.apache.org/foundation/, I
found it interesting they name VPs for all of their projects. Since
we are a corporation, something like that might be well suited for the
project leaders?
We need to get a plan together on setting up the machines we have.
What is the current status of the boxes and load balancers?
I'm getting to the point where i'd like to deploy a version of the
portal with magnolia so people can start playing with it, and I can
get their feedback on what types of additional templates we'll need.
Also, I think our project members should have owasp business cards
since we moving towards an organized entity rather than a bunch of
open source hax0rs.
Thoughts?
Things I have slated for my next few months in owasp:
Finalize portal integration with magnolia
Update oPortal unit tests
Additional CMS templates
New site content for oPortal
Configuration of the deployment environment for our production servers
Additional lower priority items:
JIRA implementation
Cheers
-Ben