[Esapi-user] Properties File modification

Jim Manico jim.manico at owasp.org
Sun Jul 11 21:07:58 EDT 2010


Good catch, thanks!

Can you please take a look at...


...and see if we are tracking this feature request? If not, could you 
please add this issue?

Thanks Owen,

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

> I was just trying to implement a MessageUtils class that acts as a 
> centralized message-getting mechanism.  I was checking to see how 
> ESAPI dealt with properties file changes, and noticed that in line 210 
> of the DefaultSecurityConfiguration:
> //    private static long lastModified = -1;
>  the lastModified variable had been commented out, as if there was 
> consideration for this, but then it was removed.  Is there a security 
> concern in checking for properties file changes each time they are 
> called on, or is it enough just to check lastModified against the 
> properties file and synchronize access to it?
> Thank you,
> Owen
> p.s. Congrats on the speech at AppSecUSA.
> ------------------------------------------------------------------------
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100711/286b534c/attachment.html 

More information about the Esapi-user mailing list