Harden code

Issue-ID: PORTAL-145,PORTAL-119
Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui

Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204
Signed-off-by: st782s <statta@research.att.com>

1 files changed, 2 insertions, 4 deletions

diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
index 290dbff3..d06d602c 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
@@ -32,8 +32,6 @@ ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
 ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath 
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
 ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
@@ -42,9 +40,9 @@ ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
 # ESAPI Authenticator
 #
 Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
+#Authenticator.MaxOldPasswordHashes=13
 Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
+#Authenticator.PasswordParameterName=password
 # RememberTokenDuration (in days)
 Authenticator.RememberTokenDuration=14
 # Session Timeouts (in minutes)