[Esapi-user] [Esapi-dev] Esapi logging question

Jim Manico jim.manico at owasp.org
Sun Jan 24 20:12:18 EST 2010


Good suggestion, Craig. I'm tracking this here

http://code.google.com/p/owasp-esapi-java/issues/detail?id=96

- Jim

> Just wanted to point out that that code was designed to not disclose
> all configuration variables. It would filter out any parameter with
> "Master" in the name, so the MasterSalt has never (?) been printed
> during the parsing of the configuration.
>
> That being said, I don't think that was a great solution either. I
> would love to see a boolean configuration variable indicating whether
> or not to dump the configuration to the console AND a globbing
> configuration variable indicating what to never print. Something like....
>
> General.PrintConfiguration = true
> General.NeverPrint = "Master*, General*"


-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net



More information about the Esapi-user mailing list