AbstractAccessReferenceMap.getUniqueReference()
. Since this is a constructor, any
subclass that implements getUniqueReference() has not had its
own constructor run. This leads to strange bugs because subclass
internal state is initialized after calls to getUniqueReference()
have already happened. If this constructor is desired in a
subclass, consider running AbstractAccessReferenceMap.update(Set)
in the subclass
constructor instead.
AbstractAccessReferenceMap.getUniqueReference()
. Since this is a constructor, any
subclass that implements getUniqueReference() has not had its
own constructor run. This leads to strange bugs because subclass
internal state is initialized after calls to getUniqueReference()
have already happened. If this constructor is desired in a
subclass, consider running AbstractAccessReferenceMap.update(Set)
in the subclass
constructor instead.
PlainText
object to a byte array.
CipherText
object as a portable (i.e., network byte
ordered) serialized byte array.
CipherText
object as a specialized, portable
serialized byte array.
assertAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
assertAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
Base64.InputStream
will read data from another
java.io.InputStream, given in the constructor,
and encode/decode to/from Base64 notation on the fly.
Base64.InputStream
in DECODE mode.
Base64.InputStream
in
either ENCODE or DECODE mode.
Base64.OutputStream
will write data to another
java.io.OutputStream, given in the constructor,
and encode/decode to/from Base64 notation on the fly.
Base64.OutputStream
in ENCODE mode.
Base64.OutputStream
in
either ENCODE or DECODE mode.
EncoderConstants.CHAR_ALPHANUMERICS
instead
EncoderConstants.CHAR_DIGITS
instead
EncoderConstants.CHAR_LETTERS
instead
EncoderConstants.CHAR_LOWERS
instead
EncoderConstants.CHAR_PASSWORD_DIGITS
instead
EncoderConstants.CHAR_PASSWORD_LETTERS
instead
EncoderConstants.CHAR_PASSWORD_LOWERS
instead
EncoderConstants.CHAR_PASSWORD_SPECIALS
instead
EncoderConstants.CHAR_PASSWORD_UPPERS
instead
EncoderConstants.CHAR_SPECIALS
instead
EncoderConstants.CHAR_UPPERS
instead
Set<Character>
(so duplicates
are removed).
Cipher
except for the encryption key.
Serializable
interface representing the result of encrypting
plaintext and some additional information about the encryption algorithm,
the IV (if pertinent), and an optional Message Authentication Code (MAC).
CipherSpec
object.
CipherSpec
object and the raw ciphertext.
CipherText
objects.
CipherText
can be constructed from it.
ClickjackFilter
is discussed at
http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE
.
Encryptor.CipherText.useMAC
is set to true
.
ConfigurationException
should be thrown when a problem arises because of
a problem in one of ESAPI's configuration files, such as a missing required
property or invalid setting of a property, or missing or unreadable
configuration file, etc.
System.arraycopy(src, 0, dest, 0, length)
.
copyByteArray(src, dest, src.length)
.
Encryptor.decrypt(CipherText)
instead, which
also ensures message authenticity. This method will be
completely removed as of the next major release or point
release (3.0 or 2.1, whichever comes first) as per OWASP
deprecation policy.
CipherText
using the information from it
and the master encryption key as specified by the property
Encryptor.MasterKey
as defined in the ESAPI.properties
file.
CipherText
using the information from it
and the specified secret key.
CipherText
using the information from it
and the master encryption key as specified by the property
Encryptor.MasterKey
as defined in the ESAPI.properties
file.
CipherText
using the information from it
and the specified secret key.
EncryptedProperties
interface.
SecurityConfiguration
manages all the settings used by the ESAPI in a single place.
SecurityWrapperResponse.encodeRedirectUrl(String)
instead.
SecurityWrapperResponse.encodeURL(String)
instead.
Encryptor.encrypt(PlainText)
instead, which
also ensures message authenticity. This method will be
completely removed as of the next major release or point
release (3.0 or 2.1, whichever comes first) as per OWASP
deprecation policy.
Encryptor.CipherTransformation
and the master encryption key as specified by the property
Encryptor.MasterKey
as defined in the ESAPI.properties
file.
Encryptor.CipherTransformation
as defined in the ESAPI.properties
file and the
specified secret key.
Encryptor.CipherTransformation
and the master encryption key as specified by the property
Encryptor.MasterKey
as defined in the ESAPI.properties
file.
Encryptor.CipherTransformation
as defined in the ESAPI.properties
file and the
specified secret key.
EncryptedProperties
interface represents a properties file
where all the data is encrypted before it is added, and decrypted when it
is retrieved.
Object.equals(Object)
that safely handles nulls.
int
.
long
.
CipherText
object from what is supposed to be a
portable serialized byte array, given in network byte order, that
represents a valid, previously serialized CipherText
object
using CipherText.asPortableSerializedByteArray()
.
short
.
List
of strings of additional cipher modes that are
permitted (i.e., in addition to those returned by
#getPreferredCipherModes()
) to be used for encryption and
decryption operations.
List
of strings of additional cipher modes that are
permitted (i.e., in addition to those returned by
#getPreferredCipherModes()
) to be used for encryption and
decryption operations.
List
of strings of combined cipher modes that support
both confidentiality and authenticity.
List
of strings of combined cipher modes that support
both confidentiality and authenticity.
String
.
List
representing the parsed, comma-separated property.
ServletContext.getRealPath(String)
instead.
HttpServletRequest
associated
with the caller thread.
HttpServletRequest
associated
with the passed in request.
HttpServletRequest
associated
with the caller thread.
HttpServletRequest
associated
with the passed in request.
computeAndStoreMAC(SecretKey authKey)
method.
CipherText
serialization.
#RandomAccessReferenceMap(Set)
and
#RandomAccessReferenceMap(Set,int)
both call it
internally.
this.toString().hashCode()
.
Object.hashCode()
of an object.
SecurityManager
either by some generic name or by the class name.
Encryptor
.
isAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
isAuthorized
executes the AccessControlRule
that is identified by key
and listed in the
resources/ESAPI-AccessControlPolicy.xml
file.
CipherText
object, then attempt to validate the MAC that
should be embedded within the CipherText
object by using a
derived key based on the specified SecretKey
.
ESAPI.properties
file that supports both confidentiality
and authenticity (i.e., a "combined cipher mode" as NIST refers
to it).
CipherText
object and the current ESAPI.property
settings.
SecurityWrapperRequest.isRequestedSessionIdFromURL()
instead.
Encryptor
interface.
Encryptor.PreferredJCEProvider
.
className
parameter.
String
is not null or empty (after optional
trimming of leading and trailing whitespace).
Exception
classes model the most
important security functions to enterprise web applications.
PlainText
objects may be overwritten after
they have been encrypted.
PlainText
objects may be overwritten after
they have been encrypted.
PlainText
object from a String
.
PlainText
object from a byte
array.
Base64.InputStream.read()
repeatedly until the end of stream
is reached or len bytes are read.
SecurityConfiguration
interface stores all configuration information
that directs the behavior of the ESAPI implementation.
java.security.Provider
either by some generic name
(i.e., Provider.getName()
) or by a fully-qualified class name.
CipherSpec
.
CipherSpec
.
CipherSpec
.
int
.
long
.
short
.
Object.toString()
to provide something more useful.
toString()
method.
PlainText
object to a UTF-8 encoded String
.
Object.toString()
of an object.
CipherText
should be used with a Message
Authentication Code (MAC).
CipherText
should be used with a Message
Authentication Code (MAC).
Base64.OutputStream.write(int)
repeatedly until len
bytes are written.