[Esapi-dev] Accesing esapi.properties in restricted environment
Calderon, Juan Carlos (GE, Corporate, consultant)
juan.calderon at ge.com
Thu Sep 2 14:23:47 EDT 2010
That is my proposal, but I am open to any other option, while it doesn't
include modifications to Web-Server configuration or placing OS files
other that those in the web space of the application (not including
Juan C Calderon
From: Jim Manico [mailto:jim.manico at owasp.org]
Sent: Jueves, 02 de Septiembre de 2010 01:13 p.m.
To: Calderon, Juan Carlos (GE, Corporate, consultant)
Subject: Re: [Esapi-dev] Accesing esapi.properties in restricted
So if I'm reading you right - you are putting config files in a public
directory and blocking access to it via ESAPI's WAF? This tends to be a
bad practice that makes me think the server is configured wrong.
On Sep 2, 2010, at 7:32 AM, "Calderon, Juan Carlos (GE, Corporate,
consultant)"<juan.calderon at ge.com> wrote:
> Oh BTW, there will be no problem with "exposing" the configuration
> files in the webspace as we will restrict access to them using ESAPI
> WAF rules.
> Juan C Calderon
> -----Original Message-----
> From: esapi-dev-bounces at lists.owasp.org
> [mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Calderon, Juan
> Carlos (GE, Corporate, consultant)
> Sent: Jueves, 02 de Septiembre de 2010 11:56 a.m.
> To: Jim Manico; ESAPI-Developers; esapi-user at lists.owasp.org
> Subject: [Esapi-dev] Accesing esapi.properties in restricted
> Hello List/Jim
> We are implementing ESAPI in an application hosted in a very
> restricted environment, thus we have to put the ESAPI.properties file
> in a webspace folder since all classpath paths are not accessible (not
> even those in
> WEB-INF) and since this is a server we are not managing, then we
> cannot place files outside of webspace.
> Is there any way to do this?
> Juan C Calderon
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
More information about the Esapi-dev