[OWASP-ESAPI] Migrating from ESAPI 1.4 to 1.5
Jim Manico
jim.manico at aspectsecurity.com
Sat Dec 27 01:15:18 EST 2008
2) and 3) are no longer troubling me. I'm fully up and running with ESAPI 1.5 and all is well! =)
We fixed these problems by removing a feature from the SafeRequest object + made a small change to cookie handling code - and I'm off and running.
Logger.info still does not log in the baseline ESAPI implementation, but that's a legacy bug.
Jeff, is there a bug tracking system (google code) that we should use to add comments in?
--
Jim Manico, Senior Application Security Engineer
jim.manico at aspectsecurity.com
(301) 604-4882 (work)
(808) 652-3805 (cell)
Aspect Security(tm)
Securing your applications at the source
http://www.aspectsecurity.com
________________________________
From: owasp-esapi-bounces at lists.owasp.org on behalf of Jim Manico
Sent: Fri 12/26/2008 6:42 PM
To: ESAPI OWASP
Subject: [OWASP-ESAPI] Migrating from ESAPI 1.4 to 1.5
Migrating from ESAPI 1.4 to 1.5 continues to be painful.
1) Logger.info no longer logs anything, no matter how I call it, when using the default ESAPI logging setup
2) The new authenticator code blew up my entire auth system, which I had to re-write to use ThreadLocal (still in progress). I was getting a circular reference since I can no longer ever get my user object from the raw session; the forced SafeRequest code killed me
3) Some of my Struts actions are no longer forwarding to their respective JSP after returning the action value....
I'll keep digging... anyone having similar problems?