[OWASP-ESAPI] ESAPI 2.0r6 web application failure
Jim Manico
jim.manico at owasp.org
Thu Apr 22 15:13:01 EDT 2010
Mr Wall - any thoughts here?
- Jim
> Hello,
>
> I am using ESAPI 2.0r6 with Tomcat 6.0.20, JDK 1.6.0_20. I have
> configured esapi.properties and validation.properties. I am extending
> PropertyPlaceholderConfigurer for Spring to decrypt a properties file.
>
> e.g.
>
> package utils;
>
> import java.io.File;
> import java.io.FileInputStream;
> import java.io.IOException;
> import java.util.Properties;
>
> import org.owasp.esapi.EncryptedProperties;
> import org.owasp.esapi.errors.EncryptionException;
> import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;
> import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
>
> public class MyPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
>     // private final Properties _props;
>
>     public MyPropertyPlaceholderConfigurer() {
>         super();
>     }
>
>     // @Override
>     protected void loadProperties( final Properties props ) throws IOException {
>         // Load the file through ESAPI; getProperty() decrypts each stored value.
>         EncryptedProperties loader = new DefaultEncryptedProperties();
>         loader.load( new FileInputStream( new File( "jdbc.properties" ) ) );
>
>         try {
>             // Copy the decrypted values into the properties Spring will use.
>             props.setProperty( "database.driver", loader.getProperty( "database.driver" ) );
>             props.setProperty( "database.url", loader.getProperty( "database.url" ) );
>             props.setProperty( "database.username", loader.getProperty( "database.username" ) );
>             props.setProperty( "database.password", loader.getProperty( "database.password" ) );
>         } catch( EncryptionException ee ) {
>             ee.printStackTrace();
>         }
>     }
> }
>
> When I run my application, my application stalls and I get the following
> error:
>
> ERROR [SECURITY FAILURE Anonymous:null at unknown -> /<Application>/Base64]
> Bad Base64 input character at 3: 46(decimal)
> WARN [SECURITY FAILURE Anonymous:null at unknown ->
> /<Application>/IntrusionDetector] Couldn't decrypt property
>
> What am I doing wrong?
--
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net