[OWASP-ESAPI] ESAPI 2.0r6 web application failure
Kevin W. Wall
kevin.w.wall at gmail.com
Fri Apr 23 00:46:57 EDT 2010
I am going to post a reply to this, but on the ESAPI-Users list. Please continue
the discussion there as owasp-esapi is obsolete.
Jim: Can't we shut down the owasp-esapi list so that this will stop happening?
-kevin
Jim Manico wrote:
> Mr Wall - any thoughts here?
>
> - Jim
>
>> Hello,
>>
>> I am using ESAPI 2.0r6 with Tomcat 6.0.20, JDK 1.6.0_20. I have
>> configured esapi.properties and validation.properties. I am extending
>> PropertyPlaceholderConfigurer for Spring to decrypt a properties file.
>>
>> e.g.
>>
>> package utils;
>>
>> import java.io.File;
>> import java.io.FileInputStream;
>> import java.io.IOException;
>> import java.util.Properties;
>>
>> import org.owasp.esapi.EncryptedProperties;
>> import org.owasp.esapi.errors.EncryptionException;
>> import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;
>> import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
>>
>> public class MyPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
>>     // private final Properties _props;
>>
>>     public MyPropertyPlaceholderConfigurer() {
>>         super();
>>     }
>>
>>     // @Override
>>     protected void loadProperties( final Properties props ) throws IOException {
>>         EncryptedProperties loader = new DefaultEncryptedProperties();
>>
>>         // Close the stream once the encrypted file has been read.
>>         FileInputStream in = new FileInputStream( new File( "jdbc.properties") );
>>         try {
>>             loader.load( in );
>>         } finally {
>>             in.close();
>>         }
>>
>>         try {
>>             // getProperty() decrypts each stored value before returning it.
>>             props.setProperty( "database.driver", loader.getProperty( "database.driver" ));
>>             props.setProperty( "database.url", loader.getProperty( "database.url" ));
>>             props.setProperty( "database.username", loader.getProperty( "database.username" ));
>>             props.setProperty( "database.password", loader.getProperty( "database.password" ));
>>         } catch( EncryptionException ee ) {
>>             ee.printStackTrace();
>>         }
>>     }
>> }
>>
>> When I run my application, my application stalls and I get the following
>> error:
>>
>> ERROR [SECURITY FAILURE Anonymous:null at unknown -> /<Application>/Base64]
>> Bad Base64 input character at 3: 46(decimal)
>> WARN [SECURITY FAILURE Anonymous:null at unknown ->
>> /<Application>/IntrusionDetector] Couldn't decrypt property
>>
>> What am I doing wrong?
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME