[Esapi-user] ESAPI Logging bad data

Tony M dev at cfreak.net
Thu May 30 22:27:24 UTC 2013


Hello,

I am using ESAPI in one of my application. It seems that ESAPI is logging
bad data:

WARNING: [SECURITY FAILURE] Invalid input: context=validate_filename,
type(FileName)=^[[email protected]#$%^&{}\[\]()_+\-=,.~'` ]{1,255}$, input=

INFO: I AM FORGING YOUR LOG

in the log file. Isn't that subject to log forging? I know that showing the
data in the log has benefit. Any advice in solving this issue?

Thanks,

Tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20130530/af266fa1/attachment.html>


More information about the Esapi-user mailing list