[Esapi-dev] Accessing esapi.properties in restricted environment

Calderon, Juan Carlos (GE, Corporate, consultant) juan.calderon at ge.com
Thu Sep 2 14:23:47 EDT 2010


That is my proposal, but I am open to any other option, as long as it doesn't
include modifications to Web-Server configuration or placing OS files
other than those in the web space of the application (not including
WEB-INF).

Regards,
Juan C Calderon


-----Original Message-----
From: Jim Manico [mailto:jim.manico at owasp.org] 
Sent: Jueves, 02 de Septiembre de 2010 01:13 p.m.
To: Calderon, Juan Carlos (GE, Corporate, consultant)
Cc: ESAPI-Developers
Subject: Re: [Esapi-dev] Accessing esapi.properties in restricted
environment

So if I'm reading you right - you are putting config files in a public
directory and blocking access to it via ESAPI's WAF? This tends to be a
bad practice that makes me think the server is configured wrong.

-Jim Manico
http://manico.net

On Sep 2, 2010, at 7:32 AM, "Calderon, Juan Carlos (GE, Corporate,
consultant)"<juan.calderon at ge.com> wrote:

> Oh BTW, there will be no problem with "exposing" the configuration 
> files in the webspace as we will restrict access to them using ESAPI 
> WAF rules.
> 
> Regards,
> Juan C Calderon
> 
> 
> -----Original Message-----
> From: esapi-dev-bounces at lists.owasp.org 
> [mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Calderon, Juan
> Carlos (GE, Corporate, consultant)
> Sent: Jueves, 02 de Septiembre de 2010 11:56 a.m.
> To: Jim Manico; ESAPI-Developers; esapi-user at lists.owasp.org
> Subject: [Esapi-dev] Accessing esapi.properties in restricted 
> environment
> 
> Hello List/Jim
> 
> We are implementing ESAPI in an application hosted in a very 
> restricted environment, thus we have to put the ESAPI.properties file 
> in a webspace folder since all classpath paths are not accessible (not
> even those in WEB-INF) and since this is a server we are not managing,
> then we cannot place files outside of webspace.
> 
> Is there any way to do this?
> 
> Juan C Calderon
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev

