Kevin W. Wall

Results 215 comments of Kevin W. Wall

Just an FYI...this may be tricky to fix because the current plans are to support whatever JDK 7 supports at least for one more release and GCMParameterSpec won't be in...

Sigh. Had GCMParameterSpec extended IvParameterSpec here rather than simply implementing the simple marker interface AlgorithmParameterSpec, this would have worked, or at least I could have made it work more easily....

@kravietz Yeah, my plan eventually would be to swap out the current implementation with Google Tink. (I just added Tink as a recommendation for strong crypto on the...

"esapi-new" as you are calling it is going to be a complete rewrite... what we have been referring to as ESAPI 3.0. The plan is to make it much more...

The strategy here should be for new versions of ESAPI to always create the Encryptor.MasterKey and Encryptor.MasterSalt as hex-encoded values and when it comes to decoding, first try hex-decoding and...

@xeno6696 May be using XPath, but not ESAPI's Encoder.encodeForXPath(). XPath is like a whole language unto itself, but it also generally has to operate on UTF-8, right (since that is...

Sigh. We really need to sign up a contributor whose GitHub user name is Godot so we can tag all these types of things as "Waiting for godot" (Dang; now...

That works fine. I'd maybe add @see Javadoc annotation to refer them to these 2 OWASP wiki pages: https://www.owasp.org/index.php/XPATH_Injection_Java and https://www.owasp.org/index.php/XPATH_Injection -kevin -- Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall NSA: All...

We either need to fix it or deprecate it. Ideally, when you deprecate something, we ought to replace it with something (better). Generally an annotation like: `@deprecated Sorry; you're SOL`...

Any of you who are helping with ESAPI in terms of doing documentation want to take on adding something like this to either a local GitHub wiki page or maybe...