[Esapi-user] Properties File modification
owen.k.berger at gmail.com
Sat Jul 10 19:51:55 EDT 2010
I was just trying to implement a MessageUtils class that acts as a
centralized message-getting mechanism. I was checking to see how ESAPI
dealt with properties file changes, and noticed that in line 210 of the
// private static long lastModified = -1;
the lastModified variable had been commented out, as if there was
consideration for this, but then it was removed. Is there a security
concern in checking for properties file changes each time they are called
on, or is it enough just to check lastModified against the properties file
and synchronize access to it?
p.s. Congrats on the speech at AppSecUSA.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user