[Esapi-user] Stuck with lasthostaddress

Kevin W. Wall kevin.w.wall at gmail.com
Wed Mar 21 04:39:54 UTC 2012


Prashmit,

On Tue, Mar 20, 2012 at 2:06 AM, Prashmit Tanay <prashmittanay at gmail.com> wrote:
> Hi,
>
> I am a beginner with OWASP's ESAPI. While trying to understand how it works

Magic! <Insert Arthur C. Clarke quote here!>

> I found myself stuck at the getlastHostAddress() which returned "unknown"
> when I ran it for the first time. Actually, it returns "unknown" every time
> I create a user. How do I get around this? Do I have to manually enter the
> last IP everytime in the users.txt file or am doing something wrong?
> Please advice.

Uh, pardon this dumb question, but you *did* remember to set
it when you authenticated your user, correct? Something like:

    ESAPI.authenticator().getCurrentUser().setLastHostAddress(
request.getRemoteAddr() );

Or, if you prefer a host name instead of an IP address, use

    request.getRemoteHost()

Maybe you thought that the Authenticator.login() method would
do that for you, but it doesn't.

Now, if on the other hand, you are setting it, you will have to give us
a bit more details...ideally a short code snippet that shows us what
you are doing.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein


More information about the Esapi-user mailing list