[Esapi-user] [OWASP-ESAPI] Issues with Encryption api..

Kevin W. Wall kevin.w.wall at gmail.com
Fri Oct 29 18:37:43 EDT 2010


On 10/25/2010 09:02 AM, Jim Manico wrote:
> Kevin,
> 
> Please just be descriptive in the check-in comments, we will use those in
> the next release.
> 
> Should we rush out a rc11 release due to this issue?

Jim,

Apologies for not following up on this sooner.

I don't think that we need to *rush* an rc11 release out because of this.
This property is set correctly in the 2.0_rc10
configuration/.esapi/ESAPI.properties file and this

    public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION =
	"org.owasp.esapi.reference.crypto.JavaEncryptor";
                                   ^^^^^^^

fix in DefaultSecurityConfiguration should only come into play
if one does *not* have the property ESAPI.Encryptor set in
ESAPI.properties. The others affected only documentation. If one
is trying to convert a 1.4 ESAPI.properties file to what 2.0 uses,
then this possibly may happen, but otherwise I don't think it is
too likely.

So, I think we can wait for the normal release candidate
cycle until these fixes get picked up.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME


More information about the Esapi-user mailing list