[Esapi-user] disabling logging

Kevin W. Wall kevin.w.wall at gmail.com
Tue Sep 28 07:24:05 EDT 2010


Jim Manico wrote:
> So this is good, right?
> 
>  
> 
> From: augustd [mailto:augustd at codemagi.com] 
> Sent: Monday, September 27, 2010 5:28 PM
> To: Esapi-user at lists.owasp.org
> Cc: Jim Manico
> Subject: Re: [Esapi-user] disabling logging
> 
>  
> 
> I have a report from one of my users of IntrusionDetector.Disable not
> working also: 
> 
> 
> 
> I have an exception coming from the Intrusion Detection in ESAPI, I tried
> disabling it with: 
> 
>   IntrusionDetector.Disable=true
> 

Not if that's how it's supposed to work. Yesterday I saw a TRIPLE URL-encoded
cookie! Couldn't believe it, but there it was. It was (for some unknown, obtuse
reason) designed that way. Ugh!

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME


More information about the Esapi-user mailing list