Max Gelman
Max Gelman
Can't seem to make autogen.sh find lemur library. I did run ldconfig to update. Probably a simple path issue. I am using Lemur 5.1 with latest pull of pymur on...
_From [[email protected]](https://code.google.com/u/108155155500833528712/) on April 20, 2011 02:52:37_ What steps will reproduce the problem? 1.Use Validator.validateInput method for some validation. some people are facing error 2. Error comes java.lang.NoClassDefFoundError: org/owasp/esapi/errors/EncodingException 3....
_From [[email protected]](https://code.google.com/u/[email protected]/) on December 31, 2010 06:54:16_ There are presently (as of ESAPI 2.0_rc10) two encoders that are LDAP-related: 1) Encoder.encodeForDN(String) 2) Encoder.encodeForLDAP(String) Neither of these seem to properly handle...
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 10, 2010 22:10:43_ (From Kevin Wall) Built utilities for tamper resistant audit logs. Schneier and Kelsey have a good paper on how to do this using...
_From [[email protected]](https://code.google.com/u/[email protected]/) on May 06, 2011 16:11:15_ The ESAPI reference implementation contains a weak salting mechanism for password storage. (Currently uses a known value, the account name) It also does...
_From [[email protected]](https://code.google.com/u/[email protected]/) on February 06, 2010 11:56:48_ There is no javadoc package description (package.html) for the 2 access control related packages, org.owasp.esapi.reference.accesscontrol and org.owasp.esapi.reference.accesscontrol.policyloader. (Note that all the other ESAPI...
_From [[email protected]](https://code.google.com/u/106646633181390115280/) on October 30, 2010 22:03:27_ This is a set of Java files and a TLD for generating secure random numbers for Anti-CSRF JSP Tags. adds a hidden input...
_From [[email protected]](https://code.google.com/u/101715130151500774229/) on November 12, 2009 17:17:08_ What steps will reproduce the problem? 1. call ESAPI.setLogFactory to set a LogFactory Programmatically. 2. call ESAPI.securityConfiguration() What is the expected output? What...
_From [[email protected]](https://code.google.com/u/104254315182241662542/) on November 08, 2010 03:36:40_ In the current ESAPI implementation, a central encryption key is generated by the JavaEncryptor command line tool and stored in plain in the...
_From [chrisisbeef](https://code.google.com/u/chrisisbeef/) on November 20, 2010 16:13:38_ Splitting ESAPI into manageable components to reduce the footprint and allow developers to customize their implementation to fit their specific needs. _Original issue:...