authorst782s <statta@research.att.com>2017-11-22 11:41:10 -0500
committerSunder Tattavarada <statta@research.att.com>2017-11-28 20:24:36 +0000
commited07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (patch)
treeee4a6e53f01f15057f32b86f271c9b6d02b25615 /ecomp-sdk/epsdk-app-overlay/src/main/resources
parent418d7273d6d8f6fed2698df89c9910be8498a677 (diff)
Harden code
Issue-ID: PORTAL-145,PORTAL-119 Harden code to address SQL injection, XSS vulnerabilities; Separate docker images for portal, sdk app and DMaaPBC ui Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204 Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-overlay/src/main/resources')
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties6
1 files changed, 2 insertions, 4 deletions
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
index 290dbff3..d06d602c 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
@@ -32,8 +32,6 @@ ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
@@ -42,9 +40,9 @@ ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
# ESAPI Authenticator
#
Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
+#Authenticator.MaxOldPasswordHashes=13
Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
+#Authenticator.PasswordParameterName=password
# RememberTokenDuration (in days)
Authenticator.RememberTokenDuration=14
# Session Timeouts (in minutes)
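Review bot: `Authenticator.MaxOldPasswordHashes` and `Authenticator.PasswordParameterName` are commented out with no stated reason, so the password-history depth and the password request-parameter name no longer have a pinned value in this file. They presumably fall back to whatever the bundled ESAPI version supplies when the keys are absent, which should be confirmed. For a hardening change, either keep the values explicit or record the intent next to them, e.g. `# Intentionally unset: ESAPI built-in default applies (verify value for the bundled ESAPI version)`. The same applies to the earlier hunk, which removes `ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory` and leaves only the commented-out `JavaLogFactory` line. If no other `ESAPI.Logger` entry exists outside the visible context, confirm that the ESAPI version in use still initialises a logger, so that `DefaultIntrusionDetector` and validation events continue to be recorded.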