[Esapi-user] Feedback on ESAPI 1.4.2
mungo_carstairs at standardlife.com
Tue Jan 26 10:22:07 EST 2010

Good to see this ported so quickly, much appreciated.

We are still on WebSphere 5.1 / Servlet 2.3 / JSP 1.2 so I had to remove a
few unsupported methods (as per Esapi 1.4).

Also had to add an unimplemented method to ExecutorTest.Conf to get it to

Can files named test* in folder src/main/resources be removed (are they
for test only)?

Not sure about Validator.Redirect=^\\/test.*$. Should I change this to

I found the hint about setting "-Dorg.owasp.esapi.resources" in AllTests,
but also had to set variable "basedir=." as not set by my environment.

Some tests that expect "C:\\Windows" fail on our desktops (XP) which have

Otherwise just failures in EncoderTest.testDoubleEncodingCanonicalization.
I see that these match the test results in the distribution.

I mark accessController(), authenticator(), intrusionDetector() and
ESAPIFilter as deprecated, as they don't coexist with our existing
Isn't this better abstracted out of the application layer into the
container (e.g. using JAAS)?

Regards and honour,
Senior Systems Developer
Standard Life Employee Services Limited
Tel: +44 (0)131 246 2785