[Esapi-user] Fwd: Query about the users.txt

Jim Manico jim.manico at owasp.org
Fri Mar 23 09:16:37 UTC 2012


The FileIO version of the Authenticator is a non-thread-safe proof of
concept only. Build a database-driven version of it specific to your
organization!

--
Jim Manico
(808) 652-3805

On Mar 23, 2012, at 7:20 AM, Rickesh John <generic.bloodsucker at gmail.com>
wrote:

Hey there,

I am using the users.txt file to save all the data currently. But I fail to
understand why it saves the last host address of the user on file. I
mean, sure, to prevent a CSRF, but that thing is taken care of while the app
is running. Any change in the host address mid-session will be caught. Then
again, what's the need to save it on file? Also, wouldn't it be a problem
when the user actually tries to access his/her account from a totally
different network?



-- 
U're still standing coz it illegal to KilL U
-Rickesh
