[Esapi-user] Properties File modification

Owen Berger owen.k.berger at gmail.com
Sat Jul 10 19:51:55 EDT 2010


I was just trying to implement a MessageUtils class that acts as a
centralized message-getting mechanism.  I was checking to see how ESAPI
dealt with properties file changes, and noticed that in line 210 of the
DefaultSecurityConfiguration:

//    private static long lastModified = -1;

 the lastModified variable had been commented out, as if there was
consideration for this, but then it was removed.  Is there a security
concern in checking for properties file changes each time they are called
on, or is it enough just to check lastModified against the properties file
and synchronize access to it?

Thank you,

Owen

p.s. Congrats on the speech at AppSecUSA.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100710/b76ad759/attachment.html 


More information about the Esapi-user mailing list