[Esapi-user] org.owasp.esapi.filters.SecurityWrapperRequest and WrapperResponse

Kevin W. Wall kevin.w.wall at gmail.com
Mon May 23 14:18:20 EDT 2011


Ray, Jim,

My bad. I had on my TODO list an item to restore SafeRequest, implement it
via SecurityWrapperRequest, & then mark SafeRequest as deprecated. That's
the proper way to handle something like this. (Otherwise, you break existing
code.) Unfortunately, I forgot about it b/c I did not create a Google Issue
for this. So, mea culpa.

-kevin
--
Kevin W. Wall
Sent from DroidX; please excuse typos.
On May 23, 2011 11:30 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
> SecurityWrapperRequest is indeed the new SafeRequest :)
>
> Jim Manico
>
> On May 23, 2011, at 4:21 PM, "Lukas, Ray" <Ray.Lukas at supermedia.com>
wrote:
>
>>
>>
>> Simple Yes No question I hope..
>>
>>
>>
>> I am new to ESAPI and working to understand what I think will be a HUGE
help to us.
>>
>> I am reading (what I am sure is a old document)
www.owasp.org/images/7/79/ESAPI_Book.pdf
>>
>>
>>
>> On Page 51 it identifies several threats dealing with Session objects and
some ways to deal with them.
>>
>> SafeRequest no longer seems to exist..
>>
>> So I should use
>>
>> org.owasp.esapi.filters.SecurityWrapperRequest
>>
>> and
>>
>> org.owasp.esapi.filters.SecurityWrapperResponse
>>
>> and I should use these in my servlet input parameters to take care of
these threats? Or do I need to do more?
>>
>>
>>
>> Thanks Guys:
>>
>> ray
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110523/669900e5/attachment.html 


More information about the Esapi-user mailing list