[Esapi-user] [Esapi-dev] Esapi logging question

Jim Manico jim.manico at owasp.org
Sun Jan 24 20:12:18 EST 2010

Good suggestion, Craig. I'm tracking this here


- Jim

> Just wanted to point out that that code was designed to not disclose
> all configuration variables. It would filter out any parameter with
> "Master" in the name, so the MasterSalt has never (?) been printed
> during the parsing of the configuration.
> That being said, I don't think that was a great solution either. I
> would love to see a boolean configuration variable indicating whether
> or not to dump the configuration to the console AND a globbing
> configuration variable indicating what to never print. Something like....
> General.PrintConfiguration = true
> General.NeverPrint = "Master*, General*"

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

More information about the Esapi-user mailing list