[Esapi-user] Fwd: Query about the users.txt

Rickesh John generic.bloodsucker at gmail.com
Fri Mar 23 10:57:25 UTC 2012


Thanks for the reply. I think I will go through the code one more time to
get the hang of it. BTW, excellent work by you guys. Cheers!!!

On Fri, Mar 23, 2012 at 2:46 PM, Jim Manico <jim.manico at owasp.org> wrote:

> The FileIO version of the Authenticator is a non-thread-safe proof of
> concept only. Build a database-driven version of it specific to your
> organization!
> --
> Jim Manico
> (808) 652-3805
> On Mar 23, 2012, at 7:20 AM, Rickesh John <generic.bloodsucker at gmail.com>
> wrote:
> Hey there,
> I am using the users.txt file to save all the data currently. But I fail
> to understand why it saves the last host address of the user on file. I
> mean, sure, to prevent a CSRF, but that thing is taken care of while the app
> is running. Any change in the host address mid-session will be caught. Then
> again, what's the need to save it on file? Also, wouldn't it be a problem
> when the user actually tries to access his/her account from a totally
> different network?
> --
> U're still standing coz it illegal to KilL U
> -Rickesh
