[Esapi-user] [OWASP-ESAPI] Issues with Encryption api..

Kevin W. Wall kevin.w.wall at gmail.com
Fri Oct 29 18:37:43 EDT 2010

On 10/25/2010 09:02 AM, Jim Manico wrote:
> Kevin,
> Please just be descriptive in the check-in comments, we will use those in
> the next release.
> Should we rush out a rc11 release due to this issue?


Apologies for not following up on this sooner.

I don't think that we need to *rush* an rc11 release out because of this.
This property is set correctly in the 2.0_rc10
configuration/.esapi/ESAPI.properties file and this

    public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION =

fix in DefaultSecurityConfiguration should only come into play
if one does *not* have the property ESAPI.Encryptor set in
ESAPI.properties. The others affected only documentation. If one
is trying to convert a 1.4 ESAPI.properties file to what 2.0 uses,
then this possibly may happen, but otherwise I don't think it is
too likely.

So, I think we can wait for the normal release candidate
cycle until these fixes get picked up.

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

More information about the Esapi-user mailing list