[Esapi-user] [OWASP-ESAPI] Issues with Encryption api..

Jim Manico jim.manico at owasp.org
Mon Oct 25 09:02:04 EDT 2010


Kevin,

Please just be descriptive in the check-in comments, we will use those in
the next release.

Should we rush out a rc11 release due to this issue?

- Jim


-----Original Message-----
From: Kevin W. Wall [mailto:kevin.w.wall at gmail.com] 
Sent: Monday, October 25, 2010 2:45 AM
To: Nishi Kumar
Cc: jim.manico at owasp.org; ESAPI-Users
Subject: Re: [OWASP-ESAPI] Issues with Encryption api..

On 10/24/2010 03:32 PM, Nishi Kumar wrote:
> 
> 
> Hi All,
>  
> I was trying to use encryption API's from ESAPI-2.0-rc7 and I was getting
exception in DefaultSecurityConfiguration.java class in this line.
>  
> public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION =
"org.owasp.esapi.reference.JavaEncryptor";
>  
> It seems JavaEncryptor now exists in crypto package. Documentation also
had the similar reference.

Yep. You're absolutely right. That one was overlooked, as was the javadoc
reference in SecurityProviderLoader.

The only other documentation reference that I found where the package name
was
still org.owasp.esapi.reference was in esapi4java-core-2.0-install.doc. Is
that the documentation that you were referring to where it was wrong?

I have just committed these changes so they will be available in the next
ESAPI 2.0 release, or from SVN, if you build from there.

Jim: Did you want a Google issue created for this as well, or is it
sufficient
     to just fix it like I did? (Just being lazy!)

Thanks,
-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



More information about the Esapi-user mailing list