[Esapi-user] ESAPI Question from the community

Samantha Groves samantha.groves at owasp.org
Thu Nov 29 13:39:55 UTC 2012


Dear ESAPI List Members,

I was wondering if you could provide some assistance to Mr. Rohit Sharma,
cced into this message. I received a query from him today regarding an
ESAPI download. He got the download from here:
http://code.google.com/p/owasp-esapi-java/downloads/list . Please do have a
look and let me know if you are able to help.

Please see his message below:

-------
I am using OWASP in a project to generate random password and also to
verify if password strength is strong enough. For both of these feature I
found incorrect documentation and incomplete implementation. I downloaded
2.0.1 version for Java. Here is couple of problems: 1- Verify password
method doesn't check if new password's length has minimum of 8 characters.
Doesn't even have configuration to support this feature, so I have to
program it further to make it happen.
2- Generate password method doesn't ensure that generated password has at
least one lower, upper, digit, and special character, so I have to improve
this feature as well. Please guide me if OWASP is aware of these missing
things or I am missing someting or got the incorrect version
(esapi-2.0.1-dist.zip ).
-------

Thank you very much in advance for your assistance.

-- 

*Samantha Groves, MBA*****

*OWASP Project Manager*

*
*

The OWASP Foundation

London, United Kingdom

Email: samantha.groves at owasp.org

Skype: samanthahz


Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application
Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20121129/68a4125f/attachment.html>


More information about the Esapi-user mailing list