[Esapi-user] org.owasp.esapi.filters.SecurityWrapperRequest and WrapperResponse

Lukas, Ray Ray.Lukas at supermedia.com
Mon May 23 14:53:39 EDT 2011


No problem.. hey.. thanks so much for getting back to me well US.. thanks boss..
Right now I am trying to figure out how to set up the SwingSet Demo.. Not having much luck with that actually.. Have you guys done that.. (that was probably a STUPID questions, but I have not learned my way around this stuff yet nor the list..
Bottom line on this issue is that we should all use those two wrapper classes.. excellent and it is a nice approach.. so I am happy.. :)

Ray Lukas | Software Engineer | SuperMedia |
T.508.314.4257
________________________________
From: Kevin W. Wall [mailto:kevin.w.wall at gmail.com]
Sent: Monday, May 23, 2011 2:18 PM
To: Jim Manico
Cc: Lukas, Ray; esapi-user at lists.owasp.org
Subject: Re: [Esapi-user] org.owasp.esapi.filters.SecurityWrapperRequest and WrapperResponse


Ray, Jim,

My bad. I had on my TODO list an item to restore SafeRequest, implement it via SecurityWrapperRequest, & then mark SafeRequest as deprecated. That's the proper way to handle something like this. (Otherwise, you break existing code.) Unfortunately, I forgot about it b/c I did not create a Google Issue for this. So, mea culpa.

-kevin
--
Kevin W. Wall
Sent from DroidX; please excuse typos.
On May 23, 2011 11:30 AM, "Jim Manico" <jim.manico at owasp.org<mailto:jim.manico at owasp.org>> wrote:
> SecurityWrapperRequest is indeed the new SafeRequest :)
>
> Jim Manico
>
> On May 23, 2011, at 4:21 PM, "Lukas, Ray" <Ray.Lukas at supermedia.com<mailto:Ray.Lukas at supermedia.com>> wrote:
>
>>
>>
>> Simple Yes No question I hope..
>>
>>
>>
>> I am new to ESAPI and working to understand what I think will be a HUGE help to us.
>>
>> I am reading (what I am sure is a old document) www.owasp.org/images/7/79/ESAPI_Book.pdf<http://www.owasp.org/images/7/79/ESAPI_Book.pdf>
>>
>>
>>
>> On Page 51 it identifies several threats dealing with Session objects and some ways to deal with them.
>>
>> SafeRequest no longer seems to exist..
>>
>> So I should use
>>
>> org.owasp.esapi.filters.SecurityWrapperRequest
>>
>> and
>>
>> org.owasp.esapi.filters.SecurityWrapperResponse
>>
>> and I should use these in my servlet input parameters to take care of these threats? Or do I need to do more?
>>
>>
>>
>> Thanks Guys:
>>
>> ray
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org<mailto:Esapi-user at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110523/ddff71db/attachment.html 


More information about the Esapi-user mailing list