[Esapi-user] ESAPI Swingset

Jim Manico jim.manico at owasp.org
Wed Jan 13 20:08:34 EST 2010


I'm going to release 1.4.2 with the ability to disable the intrusion
detection mechanism via configuration by Monday.

> Also with the properties file, in version 1.4, is there an easier way
to extend it?

I'm not sure I follow. More info, please?

- Jim

> Hi Jim,
>  
> I would like to ask when is the new 1.4.2 version be out? At this
> stage I am not able to use the ESAPI 2.0 rc4 as the webapp need to run
> on JDK1.4.
> Also with the properties file, in version 1.4, is there an easier way
> to extend it?
> Thanks.
>  
> Johan Lim
>
> On Wed, Jan 13, 2010 at 10:54 AM, Johan Lim <johanlim76 at gmail.com
> <mailto:johanlim76 at gmail.com>> wrote:
>
>     Hi Jim,
>      
>     Thanks for the info. I wil give the ESAPI 2.0 rc4 a try.
>      
>     JohanLim.
>
>     On Wed, Jan 13, 2010 at 10:30 AM, Jim Manico <jim.manico at owasp.org
>     <mailto:jim.manico at owasp.org>> wrote:
>
>         Johan,
>
>         I externalized all property files in the ESAPI 2.0 rc4 release
>         to avoid problems of this nature. You just need to put the
>         various property files in your classpath.
>
>         Can you update and give this a try please?
>
>         http://owasp-esapi-java.googlecode.com/files/ESAPI-2.0-rc4.zip
>
>         And Johan, as a open source project - and a new one at that -
>         we desperately need more docs. We're getting there....
>
>         Regards,
>         Jim
>
>
>
>>         Hi Jim,
>>          
>>         I resolved the issue in the SwingSet Sample WebApp. The
>>         changes in the ESAPI.properties files that can be found in
>>         "..\ROOT\WEB-INF\classes\resources" and in
>>         "ROOT\WEB-INF\classes" are not loaded even though the WebApp
>>         was reloaded. 
>>         To add the new regex, I need to actually extract the contents
>>         of "ESAPI-2.0.jar" and update the file
>>         "validation.properties" in the ".esapi" folder. Once the
>>         changes is added, I re-arhive all the contents again.
>>         Question:
>>         1) Which properties file does ESAPI use? Is the
>>         validation.properties or ESAPI.properties files?
>>         2) Is there a way we can extend the .properties file without
>>         having to manually extract the contents in the jar file?
>>          
>>         Thanks.
>>
>>
>>          
>>         On Tue, Jan 12, 2010 at 3:17 PM, Jim Manico
>>         <jim.manico at owasp.org <mailto:jim.manico at owasp.org>> wrote:
>>
>>             Aye, Capt'n .Tracking this request here:
>>
>>             http://code.google.com/p/owasp-esapi-java/issues/detail?id=87
>>             > Jim Manico wrote:
>>             >
>>             >> Did you reload your app after your change [to
>>             ESAPI.properties file]?
>>             >>
>>             > You have to do that? Maybe we should add a feature to
>>             have a separate thread to
>>             > watch the mod time of the file and if it is updated to
>>             re-read it. We do that
>>             > (carefully ;-) on lots of applications at my day job.
>>             Sounds like a project for
>>             > 2.1 or 3.0 release.
>>             >
>>             >
>>
>>
>>             --
>>             Jim Manico
>>             OWASP Podcast Host/Producer
>>             http://www.manico.net <http://www.manico.net/>
>>
>>
>
>
>         -- 
>         Jim Manico
>         OWASP Podcast Host/Producer
>         http://www.manico.net <http://www.manico.net/>
>
>
>


-- 
Jim Manico
OWASP Podcast Host/Producer
http://www.manico.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100113/cfa5eb96/attachment.html 


More information about the Esapi-user mailing list