[Esapi-user] (no subject)

Kevin W. Wall kevin.w.wall at gmail.com
Wed Nov 21 15:57:47 UTC 2012

Hi Vijay,

On Wed, Nov 21, 2012 at 6:33 AM, viijay.mani <viijay.mani at gmail.com> wrote:
> Hi,
> What's the difference between ESAPI 2.0GA.jar and ESAPI1.4.5a.jar....?

ESAPI 2.0 is a major release. Lots of bug fixes (e.g.,
code made thread-safe, symmetric encryption fixed, etc.).
ESAPI 1.4.x is the previous release. Unless you need 1.4.x
for legacy code, the recommendation is to upgrade to
ESAPI 2.0.1, which is the latest official 2.x release.

> Why ESAPI.properties is not in Latest version...?

It was an oversight. You will find it in the
"esapi-2.0.1-configuration.zip" file under the Downloads tab.

> How can I load ESAPI.properties in new version since I am getting
> FileNotFound exception. Whereas in 1.4.5a I am not facing this error.

For reasons I won't go into, but have to do with additional flexibility,
ESAPI 2.0 looks for the ESAPI.properties differently than in 1.4.x.

> Kindly guide me how to load the ESAPI.properties file in new version
> Could anyone help me regarding this....?

Well, the easiest way to do this is to set the system property,
"org.owasp.esapi.resources" to the *directory* where your
ESAPI.properties file resides. Usually this is done as an argument to
the 'java' command; e.g.,

    java -Dorg.owasp.esapi.resources=/full/path/to/ESAPI/config/dir ...

If you are having trouble getting it to work, take a look at the example
scripts and the README under "src/examples" when you unzip the
ESAPI 2.x source code.

Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
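
Added example, not part of the original message and not code from the ESAPI project: a shell preflight check for the value passed as "org.owasp.esapi.resources", covering the usual causes of the FileNotFound error discussed above (the property pointing at the file rather than its directory, a relative path, a missing file). The function name, return codes and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Preflight for the directory given to -Dorg.owasp.esapi.resources.
# On success prints the JVM flag and returns 0; otherwise prints the
# reason to stderr and returns a distinct non-zero code.
esapi_resources_flag() {
    dir=$1

    # A relative path is resolved against the JVM's working directory,
    # which often differs between a shell, a service and an app server.
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 2 ;;
    esac

    # The property must name the directory, not ESAPI.properties itself.
    if [ -f "$dir" ]; then
        echo "expected a directory, got a file: $dir" >&2; return 3
    fi
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2; return 4
    fi
    if [ ! -r "$dir/ESAPI.properties" ]; then
        echo "ESAPI.properties missing or unreadable in $dir" >&2; return 5
    fi

    # ESAPI.properties configures ESAPI's security controls, so it
    # should not be writable by arbitrary local users.
    if [ -n "$(find -L "$dir/ESAPI.properties" -prune -perm -002 2>/dev/null)" ]; then
        echo "ESAPI.properties is world-writable: $dir" >&2; return 6
    fi

    printf '%s\n' "-Dorg.owasp.esapi.resources=$dir"
}

# Usage (constructed path and jar name):
#   flag=$(esapi_resources_flag /opt/myapp/esapi) && java "$flag" -jar myapp.jar
```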
