Make ESAPI configuration XML

[GoogleCodeExporter]

ESAPI config file is in properties format, which makes sense for a Java 
application but if it was in XML, it might be possible to port it to 
applications in .NET, Cold Fusion, etc. So baseline configuration files could 
be created at the same time a simple XSL file could create a nice HTML 
version of the configuration file for purposes like this one.

Jim adds: also consider configuration chaining (where one main xml config 
could load another xml config to allow for config separation between each 
"module", like the castor and other project provide.

Original issue reported on code.google.com by manico.james@gmail.com on 21 Jan 2010 at 1:21

• Blocked on: #86

[GoogleCodeExporter]

This is related to, but distinct from http://code.google.com/p/owasp-esapi-
java/issues/detail?id=86

Original comment by manico.james@gmail.com on 21 Jan 2010 at 1:22

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 25 Jan 2010 at 10:19

• Added labels: Configuration

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 1 Nov 2010 at 1:22

• Added labels: Milestone-Release2.1

[GoogleCodeExporter]

Original comment by chrisisbeef on 20 Nov 2010 at 9:59

• Added labels: Component-SecurityConfiguration
• Removed labels: Configuration

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 29 May 2012 at 3:20

[GoogleCodeExporter]

I am reminded again by a blog post by Will Stranathan about the e-v-i-l-s of 
XML for configuration. So if this is something that we would expect an 
operations or system administration team to have to edit (and I think that at 
least some of the the ESAPI properties would qualify), I think XML is a bad 
idea and should be reconsidered.

I doubt I could be as eloquent as Mr. Stranathan, so I will leave it to you to 
read his convincing blog post at:
http://will.thestranathans.com/post/20241350046/stop-it

Original comment by kevin.w.wall@gmail.com on 25 Jun 2012 at 12:57

• Now blocked on: #86