|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||
AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any
subclass that implements getUniqueReference() has not had it's
own constructor run. This leads to strange bugs because subclass
internal state is initializaed after calls to getUniqueReference()
have already happened. If this constructor is desired in a
subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass
constructor instead.
AbstractAccessReferenceMap.getUniqueReference(). Since this is a constructor, any
subclass that implements getUniqueReference() has not had it's
own constructor run. This leads to strange bugs because subclass
internal state is initializaed after calls to getUniqueReference()
have already happened. If this constructor is desired in a
subclass, consider running AbstractAccessReferenceMap.update(Set) in the subclass
constructor instead.
AccessControlException.
SECURITY_AUDIT event type.
SECURITY_AUDIT event type, along
with its associated exception stack trace (if any).
ANSI Mode
PlainText object to a byte array.
CipherText object.
CipherText object as a portable (i.e., network byte
ordered) serialized byte array.
CipherText object as a specialized, portable
serialized byte array.
assertAuthorized executes the AccessControlRule
that is identified by key and listed in the
resources/ESAPI-AccessControlPolicy.xml file.
assertAuthorized executes the AccessControlRule
that is identified by key and listed in the
resources/ESAPI-AccessControlPolicy.xml file.
AuthenticationAccountsException.
AuthenticationCredentialsException.
AuthenticationException.
Base64.InputStream will read data from another
java.io.InputStream, given in the constructor,
and encode/decode to/from Base64 notation on the fly.Base64.InputStream in DECODE mode.
Base64.InputStream in
either ENCODE or DECODE mode.
Base64.OutputStream will write data to another
java.io.OutputStream, given in the constructor,
and encode/decode to/from Base64 notation on the fly.Base64.OutputStream in ENCODE mode.
Base64.OutputStream in
either ENCODE or DECODE mode.
EncoderConstants.CHAR_ALPHANUMERICS instead
EncoderConstants.CHAR_DIGITS instead
EncoderConstants.CHAR_LETTERS instead
EncoderConstants.CHAR_LOWERS instead
EncoderConstants.CHAR_PASSWORD_DIGITS instead
EncoderConstants.CHAR_PASSWORD_LETTERS instead
EncoderConstants.CHAR_PASSWORD_LOWERS instead
EncoderConstants.CHAR_PASSWORD_SPECIALS instead
EncoderConstants.CHAR_PASSWORD_UPPERS instead
EncoderConstants.CHAR_SPECIALS instead
EncoderConstants.CHAR_UPPERS instead
Set<Character> (so duplicates
are removed).
Cipher except for the encryption key.Serializable interface representing the result of encrypting
plaintext and some additional information about the encryption algorithm,
the IV (if pertinent), and an optional Message Authentication Code (MAC).CipherSpec object.
CipherSpec object and the raw ciphertext.
CipherText objects.CipherText can be constructed from it.
ClickjackFilter is discussed at
http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE.Encryptor.CipherText.useMAC is set to true.
KeyDerivationFunction instead. This method will be removed as of
ESAPI release 2.1 so if you are using this, please change your code.
keyDerivationKey for either
encryption / decryption or for authentication.
ConfigurationException should be thrown when a problem arises because of
a problem in one of ESAPI's configuration files, such as a missing required
property or invalid setting of a property, or missing or unreadable
configuration file, etc.System.arraycopy(src, 0, dest, 0, length).
copyByteArray(src, dest, src.length).
SecretKey.
Encryptor.decrypt(CipherText) instead, which
also ensures message authenticity. This method will be
completely removed as of the next major release or point
release (3.0 or 2.1, whichever comes first) as per OWASP
deprecation policy.
CipherText using the information from it
and the master encryption key as specified by the property
Encryptor.MasterKey as defined in the ESAPI.properties
file.
CipherText using the information from it
and the specified secret key.
CipherText using the information from it
and the master encryption key as specified by the property
Encryptor.MasterKey as defined in the ESAPI.properties
file.
CipherText using the information from it
and the specified secret key.
EncryptedProperties interface.SecurityConfiguration manages all the settings used by the ESAPI in a single place.UnsupportedOperationException
SecurityWrapperResponse.encodeRedirectUrl(String) instead.
SecurityWrapperResponse.encodeURL(String) instead.
Encryptor.encrypt(PlainText) instead, which
also ensures message authenticity. This method will be
completely removed as of the next major release or point
release (3.0 or 2.1, whichever comes first) as per OWASP
deprecation policy.
Encryptor.CipherTransformation
and the master encryption key as specified by the property
Encryptor.MasterKey as defined in the ESAPI.properties file.
Encryptor.CipherTransformation
as defined in the ESAPI.properties file and the
specified secret key.
Encryptor.CipherTransformation
and the master encryption key as specified by the property
Encryptor.MasterKey as defined in the ESAPI.properties file.
Encryptor.CipherTransformation
as defined in the ESAPI.properties file and the
specified secret key.
EncryptedProperties interface represents a properties file
where all the data is encrypted before it is added, and decrypted when it
retrieved.UnsupportedOperationException
Object.equals(Object) that safely handles nulls.
int.
long.
CipherText object from what is supposed to be a
portable serialized byte array, given in network byte order, that
represents a valid, previously serialized CipherText object
using CipherText.asPortableSerializedByteArray().
short.
List of strings of additional cipher modes that are
permitted (i.e., in addition to those returned by
#getPreferredCipherModes()) to be used for encryption and
decryption operations.
List of strings of additional cipher modes that are
permitted (i.e., in addition to those returned by
#getPreferredCipherModes()) to be used for encryption and
decryption operations.
Map that is a clone of all the attributes.
List of strings of combined cipher modes that support
both confidentiality and authenticity.
List of strings of combined cipher modes that support
both confidentiality and authenticity.
String.
List representing the parsed, comma-separated property.
Date.
Category.getInstance(java.lang.String) by supplying
its own factory type as a parameter.
Category.getInstance(java.lang.String) by supplying
its own factory type as a parameter.
Logger.getLogger(java.lang.String) by supplying
its own factory type as a parameter.
Logger.getLogger(java.lang.String) by supplying
its own factory type as a parameter.
ServletContext.getRealPath(String) instead.
HttpServletRequest associated
with the caller thread.
HttpServletRequest associated
with the passed in request.
HttpServletRequest associated
with the caller thread.
HttpServletRequest associated
with the passed in request.
computeAndStoreMAC(SecretKey authKey) method.
CipherText.cipherTextVersion instead. Will
disappear as of ESAPI 2.1.
SecretKey which may be a different key than what the
token was originally encrypted with.
SecretKey with which this object was constructed.
#RandomAccessReferenceMap(Set) and
#RandomAccessReferenceMap(Set,int) both call it
internally.
CryptoToken
object.
this.toString().hashCode().
Object.hashCode() of an object.
SecurityManager
either by some generic name or by the class name.
Encryptor.
isAuthorized executes the AccessControlRule
that is identified by key and listed in the
resources/ESAPI-AccessControlPolicy.xml file.
isAuthorized executes the AccessControlRule
that is identified by key and listed in the
resources/ESAPI-AccessControlPolicy.xml file.
CipherText object, then attempt to validate the MAC that
should be embedded within the CipherText object by using a
derived key based on the specified SecretKey.
ESAPI.properties file that supports both confidentiality
and authenticity (i.e., a "combined cipher mode" as NIST refers
to it).
CipherText object and the current ESAPI.property
settings.
SecurityWrapperRequest.isRequestedSessionIdFromURL() instead.
Encryptor interface.KeyDerivationFunction.
KeyDerivationFunction based on the
ESAPI.property property, Encryptor.KDF.PRF.
UnsupportedOperationException
UnsupportedOperationException
Encryptor.PreferredJCEProvider.
EncryptedPropertiesUtils instead, which allows creating, reading,
and writing encrypted properties.
className parameter.
MySQLCodec.Mode.
String is not null or empty (after optional
trimming of leading and trailing whitespace).
Exception classes model the most
important security functions to enterprise web applications.PlainText objects may be overwritten after
they have been encrypted.
PlainText objects may be overwritten after
they have been encrypted.
PlainText object from a String.
PlainText object from a byte array.
Base64.InputStream.read() repeatedly until the end of stream
is reached or len bytes are read.
EncryptedProperties interface.SecurityConfiguration interface stores all configuration information
that directs the behavior of the ESAPI implementation.java.security.Provider either by some generic name
(i.e., Provider.getName()) or by a fully-qualified class name.CipherSpec.
CipherSpec.
CipherSpec.
int.
long.
short.
Object.toString() to provide something more useful.
toString() method.
PlainText object to a UTF-8 encoded String.
EventType to a string.
Object.toString() of an object.
SecretKey
that was used to construct this object.
CipherText should be used with a Message
Authentication Code (MAC).
CipherText should be used with a Message
Authentication Code (MAC).
UnsupportedOperationException
Base64.OutputStream.write(int) repeatedly until len
bytes are written.
|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||