From ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 Mon Sep 17 00:00:00 2001
From: st782s
Date: Wed, 22 Nov 2017 11:41:10 -0500
Subject: Harden code
Issue-ID: PORTAL-145,PORTAL-119 Harden code to address SQL injecton, XSS vulnerabilities; Separate docker images for portal, sdk app and DMaaPBC ui
Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204
Signed-off-by: st782s
---
ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'ecomp-sdk/epsdk-app-overlay/src/main/resources')
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
index 290dbff3..d06d602c 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/resources/ESAPI.properties
@@ -32,8 +32,6 @@ ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
 ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
 ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
@@ -42,9 +40,9 @@ ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
 # ESAPI Authenticator
 #
 Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
+#Authenticator.MaxOldPasswordHashes=13
 Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
+#Authenticator.PasswordParameterName=password
 # RememberTokenDuration (in days)
 Authenticator.RememberTokenDuration=14
 # Session Timeouts (in minutes)
-- cgit 1.2.3-korg
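Review bot: Removing `ESAPI.Logger` in the first hunk leaves the file with no active logger setting, only the commented-out `#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory` line, so the log factory ESAPI ends up with now depends on how the library treats a missing key. That behaviour is not the same across ESAPI releases (a default factory in some, possibly an initialisation failure in others; worth confirming for the version this overlay ships with), and the `DefaultIntrusionDetector` configured two lines above reports its security events through the ESAPI logger. I would make the choice explicit, for example by uncommenting the existing line to `ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory`, and add a one-line comment saying why the Log4J factory was dropped.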
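Review bot: Commenting out `Authenticator.MaxOldPasswordHashes` and `Authenticator.PasswordParameterName` in the second hunk does not remove the settings, it hands them to ESAPI's compiled-in defaults, and neither the file nor the commit message says this is intended. For the password-history depth the effective value may no longer be the 13 configured before (check the default for the ESAPI version in use), which is a policy change hidden inside a hardening commit. If the lines were disabled to quiet a static-analysis finding on the word "password" (a guess, the commit does not say), a documented suppression in the scanner is the better tool. Otherwise keep the two values active, or put a comment above them such as `# Intentionally unset; ESAPI built-in defaults apply`.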