[Owasp-appsensor-project] Custom AppSensorSecurityConfiguration

John Melton jtmelton at gmail.com
Wed Aug 24 08:54:43 EDT 2011


Theo,
In short, this is currently not possible with AppSensor. Could you file a
bug at http://code.google.com/p/appsensor/issues/list so that we can track
this and get the functionality added in to handle it?
Also, just a quick question - if you can offer specifics, what are you doing
generally to "encrypt/protect the key"? I know a lot of folks have
complained that they would like to separate the master key out to another
file, but it's not encrypted then - just filesystem controls on the actual
key file. The issue is if you encrypt it, then you have another key to
manage ... so what are you actually doing?

Thanks,
John

On Wed, Aug 24, 2011 at 7:52 AM, Theo van Niekerk <theovn at owasp.org> wrote:

> Hi
>
> I'm using my own SecurityConfiguration class for ESAPI. I have a
> requirement to protect/encrypt the Master key and the
> DefaultSecurityConfiguration setup can't do that.
>
> I want to use AppSensor, but it requires ESAPI to use the
> org.owasp.appsensor.AppSensorSecurityConfiguration.
>
> I can adapt my own SecurityConfiguration to include the
> AppSensorSecurityConfiguration stuff but how to I configure AppSensor to use
> this config. AppSensor ignores the
> -Dorg.owasp.esapi.SecurityConfiguration=... setting.
>
> What to do?
>
> Cheers
> Theo
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20110824/0353b268/attachment.html 


More information about the Owasp-appsensor-project mailing list