[Esapi-user] Properties File modification

Jim Manico jim.manico at owasp.org
Sun Jul 11 21:07:58 EDT 2010


Owen,

Good catch, thanks!

Can you please take a look at...

http://code.google.com/p/owasp-esapi-java/issues/list

...and see if we are tracking this feature request? If not, could you 
please add this issue?

Thanks Owen,

-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net


> I was just trying to implement a MessageUtils class that acts as a 
> centralized message-getting mechanism.  I was checking to see how 
> ESAPI dealt with properties file changes, and noticed that in line 210 
> of the DefaultSecurityConfiguration:
>
> //    private static long lastModified = -1;
>
>  the lastModified variable had been commented out, as if there was 
> consideration for this, but then it was removed.  Is there a security 
> concern in checking for properties file changes each time they are 
> called on, or is it enough just to check lastModified against the 
> properties file and synchronize access to it?
>
> Thank you,
>
> Owen
>
> p.s. Congrats on the speech at AppSecUSA.
> ------------------------------------------------------------------------
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>   


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100711/286b534c/attachment.html 


More information about the Esapi-user mailing list