Kevin W. Wall
Kevin W. Wall
@jeremiahjstacey wrote: > I would suggest: > > Add a new property to ESAPI.properties to capture the desired default logging level. (It should default to ALL) The only potential problem...
@SalmanMohammedTR - My inclination is to close this as "wontfix" unless @jeremiahjstacey can think of a solution that will not have unexpected impact. It doesn't sound like there are any...
@xeno6696 - You left off the '*' just before the '$' at the end. That's pretty important! ;-) I'm guessing this regex was created as if you were going to...
Also, I believe inside a character class, if '-' is the last (and perhaps the first as well; I'd have to look it up), then it doesn't need to be...
A 'bug' in the sense that it likely wasn't intended. Seems unlikely that we would generally allow a leading '-' in an HTTP header value, although AFAICT, it should be...
When I want a minus sign in the character class, I generally place it as the first character where it it treated as a literal '-'. That said, > If...
As long as adding in a leading '-' doesn't break any tests, I'm fine with putting it in. If we do so though, jam it in as the first character,...
Special note: By this, I am NOT referring to blockchain! There are other means such as described by Schneier and Kelsey (e.g., see https://www.schneier.com/academic/paperfiles/paper-auditlogs.pdf), which is what I had in...
That would be my preference. It might keep someone from undoing the change later. -kevin On Mon, Jan 25, 2021, 10:31 PM Matt Seil wrote: > If you want it...
I am marking this as Milestone 3.0 because I don't think it is something that we want to tackle in ESAPI 2.x as we probably will want to wait until...