[Esapi-user] disabling logging

Saad Shakil sshakil at rim.com
Fri Sep 24 09:59:13 EDT 2010


But intrusion detection sounds like something I should be keeping :)
Other than validation against the regex, what else does IntrusionDetector do?

From: Jim Manico [mailto:jim.manico at owasp.org]
Sent: Thursday, September 23, 2010 8:36 PM
To: Saad Shakil; Esapi-user at lists.owasp.org
Subject: RE: [Esapi-user] disabling logging

Yes, just disable Intrusion Detection and this problem should go away. To do that, please just add the following to your copy of ESAPI.properties:

IntrusionDetector.Disable=true

From: esapi-user-bounces at lists.owasp.org [mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of Saad Shakil
Sent: Thursday, September 23, 2010 10:38 AM
To: Esapi-user at lists.owasp.org
Subject: [Esapi-user] disabling logging

I tried setting <priority value ="off" /> in log4j.xml, but still noticed an IntrusionDetector SECURITY FAILURE on a validation exception that I catch in my code.

Secondly, separate validation and intrusion exceptions become redundant if a third IntrusionDetector is already thrown. IntrusionDetector.class reads:
"This method should immediately log the exception so that developers throwing an IntrusionException do not have to remember to log every error."
I understand that the way we can catch an attack is through validation failure, but what distinguishes a harmless error from an actual attack? Right now, I have it so that I violate the default 'AccountName' rule by trying to update the value to one that is of length 2 characters, when the min is three ...{3,100}$. I haven't dug deep inside ESAPI code, but this shouldn't be treated as an exception in my case, rather just an invalid input. And I'd like to change the logging to reflect that, and the event's handling too if possible. Any idea on how I can go about doing this?

Thanks.
-S
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
