[Esapi-dev] Accesing esapi.properties in restricted environment

Jim Manico jim.manico at owasp.org
Thu Sep 2 14:32:33 EDT 2010 

My opinion is that you need proper access to this server. I'd go through the proper political channels to do this right. :( Property files of this nature should never be deployed in a public directory.

Security involves People Process Technology and Politics :/

-Jim Manico
http://manico.net

On Sep 2, 2010, at 8:20 AM, "Calderon, Juan Carlos (GE, Corporate, consultant)"<juan.calderon at ge.com> wrote:

> Hi Chris
> 
> Is not an option, since we do not manage webserver and thus doing that
> would be very burocratic and might not be approved after all
> 
> Regards,
> Juan C Calderon
> 
> 
> -----Original Message-----
> From: esapi-dev-bounces at lists.owasp.org
> [mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Chris Schmidt
> Sent: Jueves, 02 de Septiembre de 2010 12:52 p.m.
> To: esapi-dev at lists.owasp.org
> Subject: Re: [Esapi-dev] Accesing esapi.properties in restricted
> environment
> 
> 
>  Have you tried passing the path in as a system property on the command
> line?
> 
> -Dorg.owasp.esapi.resources="C:\temp\resources"
> 
> 
> 
> On 9/2/2010 11:37 AM, Calderon, Juan Carlos (GE, Corporate, consultant)
> wrote:
>> I know the discovery process (I am familiar with the 
>> SecurityConfiguration class). But I cannot find a way to indicate 
>> ESAPI that configuration files will be in let's say 
>> /.esapi/ESAPI.properties without modifying the code. Just want to 
>> confirm I am not missing anything.
>> 
>> Could you let me know how to indicate ESAPI to load a file in the 
>> previous path?
>> 
>> Regards,
>> Juan C Calderon
>> 
>> 
>> -----Original Message-----
>> From: Jim Manico [mailto:jim.manico at owasp.org]
>> Sent: Jueves, 02 de Septiembre de 2010 12:30 p.m.
>> To: Calderon, Juan Carlos (GE, Corporate, consultant)
>> Cc: ESAPI-Developers;<esapi-user at lists.owasp.org>
>> Subject: Re: Accesing esapi.properties in restricted environment
>> 
>> It should work fine - we have pretty extensive auto-discovery code in 
>> our property file loading mechanism. If it doesn't work, please send 
>> me your log output.
>> 
>> Jim Manico
>> jim at manico.net
>> 
>> On Sep 2, 2010, at 6:55 AM, "Calderon, Juan Carlos (GE, Corporate, 
>> consultant)"<juan.calderon at ge.com>  wrote:
>> 
>>> Hello List/Jim
>>> 
>>> We are implementing ESAPI in an application hosted in a very 
>>> restricted environment, thus we have to put the ESAPI.properties file
> 
>>> in a webspace folder since all classpath paths are not accessible 
>>> (not even those in
>>> WEB-INF) and since this is a server we are not managing, then we 
>>> cannot place files outside of webspace.
>>> 
>>> Is there any way to do this?
>>> 
>>> Juan C Calderon
>> _______________________________________________
>> Esapi-dev mailing list
>> Esapi-dev at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-dev
> 
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev

More information about the Esapi-dev mailing list