[Esapi-user] IntrusionException and IntrusionDetector

weiping guo weiping_guo at yahoo.com
Thu Jun 23 10:34:43 EDT 2011

I need some help on understanding Intrusion detection. The Validator interface throws IntrusionException. The JavaDoc says "input that is clearly an attack will generate a descriptive IntrusionException." My question is how the intrusion is detected? what 'clearly' means in here? Any sceneraio is appreciated.
Suppose, an intrusion is detected. I assume the ESAPI.IntrusionDetector (org.owasp.esapi.reference.DefaultIntrusionDetector, for example)defined in the config file will be notified. Can I assume the IntrusionDetector will be invoked automatically whenever IntrusionException is thrown? How it works?
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110623/241713cd/attachment.html 

More information about the Esapi-user mailing list