[Esapi-user] IntrusionException and IntrusionDetector
weiping_guo at yahoo.com
Thu Jun 23 10:34:43 EDT 2011
I need some help on understanding Intrusion detection. The Validator interface throws IntrusionException. The JavaDoc says "input that is clearly an attack will generate a descriptive IntrusionException." My question is how the intrusion is detected? what 'clearly' means in here? Any sceneraio is appreciated.
Suppose, an intrusion is detected. I assume the ESAPI.IntrusionDetector (org.owasp.esapi.reference.DefaultIntrusionDetector, for example)defined in the config file will be notified. Can I assume the IntrusionDetector will be invoked automatically whenever IntrusionException is thrown? How it works?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user