Package org.owasp.esapi
Interface SecurityConfiguration
-
- All Known Implementing Classes:
DefaultSecurityConfiguration
public interface SecurityConfiguration
The SecurityConfiguration interface stores all configuration information that directs the behavior of the ESAPI implementation.
Protection of this configuration information is critical to the secure operation of the application using the ESAPI. You should use operating system access controls to limit access to wherever the configuration information is stored.
Please note that adding another layer of encryption does not make the attacker's job much more difficult. Somewhere there must be a master "secret" that is stored unencrypted on the application platform (unless you are willing to prompt for some passphrase when your application starts or insert a USB thumb drive or an HSM card, etc., in which case this master "secret" would only be in memory). Creating another layer of indirection provides additional obfuscation, but doesn't provide any real additional security. It's up to the reference implementation to decide whether this file should be encrypted or not.
The ESAPI reference implementation (DefaultSecurityConfiguration.java) does not encrypt its properties file.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
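An added example, not part of the ESAPI documentation or code base: a startup check, using only the JDK, that applies the advice above about operating system access controls. It reports when the properties file grants anything to group or others, when it is not a regular file, and when its directory can be written by other accounts. The class name, the temporary file and its contents are constructed for the demonstration, and main() assumes a POSIX host.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/** Added example (not ESAPI code): audit who can read or replace the configuration file. */
public class ConfigPermissionCheck {

    /** Returns a list of findings; an empty list means the file passes. */
    static List<String> audit(Path file) throws IOException {
        List<String> findings = new ArrayList<>();
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            findings.add("no POSIX permissions on this platform; review the file's ACL instead");
            return findings;
        }
        // Do not follow links: a symbolic link could point the application at another file.
        if (!Files.isRegularFile(file, LinkOption.NOFOLLOW_LINKS)) {
            findings.add(file + " is not a regular file (missing, or a symbolic link)");
            return findings;
        }
        Set<PosixFilePermission> perms =
                Files.getPosixFilePermissions(file, LinkOption.NOFOLLOW_LINKS);
        for (PosixFilePermission p : perms) {
            // Any GROUP_* or OTHERS_* bit exposes the master key and salt to other accounts.
            if (!p.name().startsWith("OWNER_")) {
                findings.add(file + " grants " + p);
            }
        }
        // A private file in a directory others can write to can simply be replaced.
        Path dir = file.toAbsolutePath().getParent();
        Set<PosixFilePermission> dirPerms = Files.getPosixFilePermissions(dir);
        if (dirPerms.contains(PosixFilePermission.GROUP_WRITE)
                || dirPerms.contains(PosixFilePermission.OTHERS_WRITE)) {
            findings.add(dir + " is writable by other accounts, so the file can be replaced");
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; it holds no real configuration or secrets.
        Path dir = Files.createTempDirectory("esapi-demo");
        Path props = dir.resolve("ESAPI.properties");
        Files.write(props, "# constructed sample, holds no real secrets\n"
                .getBytes(StandardCharsets.UTF_8));

        // Weak setting: world-readable.
        Files.setPosixFilePermissions(props, PosixFilePermissions.fromString("rw-r--r--"));
        System.out.println("rw-r--r--: " + audit(props));

        // Corrected setting: owner only.
        Files.setPosixFilePermissions(props, PosixFilePermissions.fromString("rw-------"));
        System.out.println("rw-------: " + audit(props));
    }
}
```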
-
-
Nested Class Summary
Modifier and Type Interface
Description
static class SecurityConfiguration.Threshold
Models a simple threshold as a count and an interval, along with a set of actions to take if the threshold is exceeded.
-
Method Summary
Modifier and Type Method
Description
java.lang.String getAccessControlImplementation()
Returns the fully qualified classname of the ESAPI Access Control implementation.
java.util.List<java.lang.String> getAdditionalAllowedCipherModes()
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by #getPreferredCipherModes()) to be used for encryption and decryption operations.
java.util.List<java.lang.String> getAllowedExecutables()
Gets the allowed executables to run with the Executor.
java.util.List<java.lang.String> getAllowedFileExtensions()
Gets the allowed file extensions for files that are uploaded to this application.
int getAllowedFileUploadSize()
Gets the maximum allowed file upload size.
int getAllowedLoginAttempts()
Gets the number of login attempts allowed before the user's account is locked.
boolean getAllowMixedEncoding()
Return true if mixed encoding is allowed
boolean getAllowMultipleEncoding()
Return true if multiple encoding is allowed
java.lang.String getApplicationName()
Gets the application name, used for logging
java.lang.String getAuthenticationImplementation()
Returns the fully qualified classname of the ESAPI Authentication implementation.
java.lang.String getCharacterEncoding()
Gets the character encoding scheme supported by this application.
java.lang.String getCipherTransformation()
Retrieve the cipher transformation.
java.util.List<java.lang.String> getCombinedCipherModes()
Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
java.util.List<java.lang.String> getDefaultCanonicalizationCodecs()
Returns the List of Codecs to use when canonicalizing data
java.lang.String getDigitalSignatureAlgorithm()
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
int getDigitalSignatureKeyLength()
Gets the digital signature key length used by ESAPI to generate and verify signatures.
boolean getDisableIntrusionDetection()
Allows for complete disabling of all intrusion detection mechanisms
java.lang.String getEncoderImplementation()
Returns the fully qualified classname of the ESAPI Encoder implementation.
java.lang.String getEncryptionAlgorithm()
Gets the encryption algorithm used by ESAPI to protect data.
java.lang.String getEncryptionImplementation()
Returns the fully qualified classname of the ESAPI Encryption implementation.
int getEncryptionKeyLength()
Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
java.lang.String getExecutorImplementation()
Returns the fully qualified classname of the ESAPI OS Execution implementation.
java.lang.String getFixedIV()
If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.
boolean getForceHttpOnlyCookies()
Forces new cookies to have HttpOnly flag set.
boolean getForceHttpOnlySession()
Forces new cookies to have HttpOnly flag set.
boolean getForceSecureCookies()
Forces new cookies to have Secure flag set.
boolean getForceSecureSession()
Forces session cookies to have Secure flag set.
java.lang.String getHashAlgorithm()
Gets the hashing algorithm used by ESAPI to hash data.
int getHashIterations()
Gets the hash iterations used by ESAPI to hash data.
java.lang.String getHttpSessionIdName()
This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
java.lang.String getHTTPUtilitiesImplementation()
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
java.lang.String getIntrusionDetectionImplementation()
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
java.lang.String getIVType()
Get a string indicating how to compute an Initialization Vector (IV).
java.lang.String getKDFPseudoRandomFunction()
Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
boolean getLenientDatesAccepted()
Determines whether ESAPI will accept "lenient" dates when attempting to parse dates.
boolean getLogApplicationName()
Returns whether ESAPI should log the application name.
boolean getLogEncodingRequired()
Returns whether HTML entity encoding should be applied to log entries.
java.lang.String getLogFileName()
Get the name of the log file specified in the ESAPI configuration properties file.
java.lang.String getLogImplementation()
Returns the fully qualified classname of the ESAPI Logging implementation.
int getLogLevel()
Returns the current log level.
boolean getLogServerIP()
Returns whether ESAPI should log the server IP.
byte[] getMasterKey()
Gets the master key.
byte[] getMasterSalt()
Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
int getMaxHttpHeaderSize()
Returns the maximum allowable HTTP header size.
int getMaxLogFileSize()
Get the maximum size of a single log file from the ESAPI configuration properties file.
int getMaxOldPasswordHashes()
Gets the maximum number of old password hashes that should be retained.
java.lang.String getPasswordParameterName()
Gets the name of the password parameter used during user authentication.
java.lang.String getPreferredJCEProvider()
Retrieve the preferred JCE provider for ESAPI and your application.
SecurityConfiguration.Threshold getQuota(java.lang.String eventName)
Gets the intrusion detection quota for the specified event.
java.lang.String getRandomAlgorithm()
Gets the random number generation algorithm used to generate random numbers where needed.
java.lang.String getRandomizerImplementation()
Returns the fully qualified classname of the ESAPI Randomizer implementation.
long getRememberTokenDuration()
Gets the length of the time to live window for remember me tokens (in milliseconds).
java.io.File getResourceFile(java.lang.String filename)
Gets a file from the resource directory
java.io.InputStream getResourceStream(java.lang.String filename)
Gets an InputStream to a file in the resource directory
java.lang.String getResponseContentType()
Gets the content type for responses used when setSafeContentType() is called.
int getSessionAbsoluteTimeoutLength()
Gets the absolute timeout length for sessions (in milliseconds).
int getSessionIdleTimeoutLength()
Gets the idle timeout length for sessions (in milliseconds).
java.io.File getUploadDirectory()
Retrieves the upload directory as specified in the ESAPI.properties file.
java.io.File getUploadTempDirectory()
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
java.lang.String getUsernameParameterName()
Gets the name of the username parameter used during user authentication.
java.lang.String getValidationImplementation()
Returns the fully qualified classname of the ESAPI Validation implementation.
java.util.regex.Pattern getValidationPattern(java.lang.String typeName)
Returns the validation pattern for a particular type
java.io.File getWorkingDirectory()
Returns the default working directory for executing native processes with Runtime.exec().
boolean overwritePlainText()
Indicates whether the PlainText objects may be overwritten after they have been encrypted.
java.lang.String setCipherTransformation(java.lang.String cipherXform)
Deprecated. To be replaced by new class in ESAPI 2.1, but here if you need it until then.
void setResourceDirectory(java.lang.String dir)
Sets the ESAPI resource directory.
boolean useMACforCipherText()
Determines whether the CipherText should be used with a Message Authentication Code (MAC).
-
-
-
Method Detail
-
getApplicationName
java.lang.String getApplicationName()
Gets the application name, used for logging.
- Returns:
- the name of the current application
-
getLogImplementation
java.lang.String getLogImplementation()
Returns the fully qualified classname of the ESAPI Logging implementation.
-
getAuthenticationImplementation
java.lang.String getAuthenticationImplementation()
Returns the fully qualified classname of the ESAPI Authentication implementation.
-
getEncoderImplementation
java.lang.String getEncoderImplementation()
Returns the fully qualified classname of the ESAPI Encoder implementation.
-
getAccessControlImplementation
java.lang.String getAccessControlImplementation()
Returns the fully qualified classname of the ESAPI Access Control implementation.
-
getIntrusionDetectionImplementation
java.lang.String getIntrusionDetectionImplementation()
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
-
getRandomizerImplementation
java.lang.String getRandomizerImplementation()
Returns the fully qualified classname of the ESAPI Randomizer implementation.
-
getEncryptionImplementation
java.lang.String getEncryptionImplementation()
Returns the fully qualified classname of the ESAPI Encryption implementation.
-
getValidationImplementation
java.lang.String getValidationImplementation()
Returns the fully qualified classname of the ESAPI Validation implementation.
-
getValidationPattern
java.util.regex.Pattern getValidationPattern(java.lang.String typeName)
Returns the validation pattern for a particular type.
- Parameters:
typeName
-
- Returns:
- the validation pattern
-
getLenientDatesAccepted
boolean getLenientDatesAccepted()
Determines whether ESAPI will accept "lenient" dates when attempting to parse dates. Controlled by ESAPI property Validator.AcceptLenientDates, which defaults to false if unset.
- Returns:
- True if lenient dates are accepted; false otherwise.
- See Also:
DateFormat.setLenient(boolean)
-
getExecutorImplementation
java.lang.String getExecutorImplementation()
Returns the fully qualified classname of the ESAPI OS Execution implementation.
-
getHTTPUtilitiesImplementation
java.lang.String getHTTPUtilitiesImplementation()
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
-
getMasterKey
byte[] getMasterKey()
Gets the master key. This password is used to encrypt/decrypt other files or types of data that need to be protected by your application.
- Returns:
- the current master key
-
getUploadDirectory
java.io.File getUploadDirectory()
Retrieves the upload directory as specified in the ESAPI.properties file.
- Returns:
- the upload directory
-
getUploadTempDirectory
java.io.File getUploadTempDirectory()
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
- Returns:
- the temp directory
-
getEncryptionKeyLength
int getEncryptionKeyLength()
Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
- Returns:
- the key length.
-
getMasterSalt
byte[] getMasterSalt()
Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
- Returns:
- the current master salt
-
getAllowedExecutables
java.util.List<java.lang.String> getAllowedExecutables()
Gets the allowed executables to run with the Executor.
- Returns:
- a list of the current allowed file extensions
-
getAllowedFileExtensions
java.util.List<java.lang.String> getAllowedFileExtensions()
Gets the allowed file extensions for files that are uploaded to this application.
- Returns:
- a list of the current allowed file extensions
-
getAllowedFileUploadSize
int getAllowedFileUploadSize()
Gets the maximum allowed file upload size.
- Returns:
- the current allowed file upload size
-
getPasswordParameterName
java.lang.String getPasswordParameterName()
Gets the name of the password parameter used during user authentication.
- Returns:
- the name of the password parameter
-
getUsernameParameterName
java.lang.String getUsernameParameterName()
Gets the name of the username parameter used during user authentication.
- Returns:
- the name of the username parameter
-
getEncryptionAlgorithm
java.lang.String getEncryptionAlgorithm()
Gets the encryption algorithm used by ESAPI to protect data. This is mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to use "cipher transformation" since it supports multiple cipher modes and padding schemes.
- Returns:
- the current encryption algorithm
-
getCipherTransformation
java.lang.String getCipherTransformation()
Retrieve the cipher transformation. In general, the cipher transformation is a specification of cipher algorithm, cipher mode, and padding scheme and, in general, is a String that takes the following form:
cipher_alg/cipher_mode[bits]/padding_scheme
where cipher_alg is the JCE cipher algorithm (e.g., "DESede"), cipher_mode is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.), and padding_scheme is the cipher padding scheme (e.g., "NONE" for no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where [bits] is an optional bit size that applies to certain cipher modes such as CFB and OFB. Using modes such as CFB and OFB, block ciphers can encrypt data in units smaller than the cipher's actual block size. When requesting such a mode, you may optionally specify the number of bits to be processed at a time. This generally must be an integral multiple of 8-bits so that it can specify a whole number of octets.
Examples are:
"AES/ECB/NoPadding" // Default for ESAPI Java 1.4 (insecure)
"AES/CBC/PKCS5Padding" // Default for ESAPI Java 2.0
"DESede/OFB32/PKCS5Padding"
NOTE: Occasionally, in cryptographic literature, you may also see the key size (in bits) specified after the cipher algorithm in the cipher transformation. Generally, this is done to account for cipher algorithms that have variable key sizes. The Blowfish cipher for example supports key sizes from 32 to 448 bits. So for Blowfish, you might see a cipher transformation something like this:
"Blowfish-192/CFB8/PKCS5Padding"
in the cryptographic literature. It should be noted that the Java Cryptography Extensions (JCE) do not generally support this (at least not the reference JCE implementation of "SunJCE"), and therefore it should be avoided.
- Returns:
- The cipher transformation.
-
setCipherTransformation
@Deprecated java.lang.String setCipherTransformation(java.lang.String cipherXform)
Deprecated. To be replaced by new class in ESAPI 2.1, but here if you need it until then. Details of replacement forthcoming to ESAPI-Dev list.
Set the cipher transformation. This allows a different cipher transformation to be used without changing the ESAPI.properties file. For instance you may normally want to use AES/CBC/PKCS5Padding, but have some legacy encryption where you have ciphertext that was encrypted using 3DES.
- Parameters:
cipherXform
- The new cipher transformation. See getCipherTransformation() for format. If null is passed as the parameter, the cipher transformation will be set to the default taken from the property Encryptor.CipherTransformation in the ESAPI.properties file. BEWARE: there is NO sanity checking here (other than the empty string, and then, only if Java assertions are enabled), so if you set this wrong, you will not get any errors until you later try to use it to encrypt or decrypt data.
- Returns:
- The previous cipher transformation is returned for convenience, with the assumption that you may wish to restore it once you have completed the encryption / decryption with the new cipher transformation.
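Because setCipherTransformation() performs no sanity checking, a caller can vet the string first. The following is an added example, not ESAPI code: it parses the cipher_alg/cipher_mode[bits]/padding_scheme form described under getCipherTransformation(), applies the rules stated there, and asks the JCE whether any installed provider supports the result. The class name and the allow-list values are constructed; an application would take the list from getCombinedCipherModes() and getAdditionalAllowedCipherModes().

```java
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;

/** Added example (not ESAPI code): vet a transformation string before it is put to use. */
public class TransformationCheck {

    // cipher_alg/cipher_mode[bits]/padding_scheme, with [bits] limited to three digits.
    private static final Pattern FORM =
            Pattern.compile("([^/]+)/([A-Za-z]+)(\\d{0,3})/([^/]+)");

    /** Returns the reasons to reject xform; an empty list means it passed every check. */
    static List<String> problems(String xform, List<String> allowedModes) {
        List<String> out = new ArrayList<>();
        String t = xform == null ? "" : xform.trim();
        Matcher m = FORM.matcher(t);
        if (!m.matches()) {
            out.add("not of the form cipher_alg/cipher_mode[bits]/padding_scheme");
            return out;
        }
        String alg = m.group(1);
        String mode = m.group(2).toUpperCase(Locale.ROOT);
        String bits = m.group(3);

        // "Blowfish-192" style names appear in the literature but not in the JCE.
        if (alg.matches(".*-\\d+")) {
            out.add("key size embedded in the algorithm name: " + alg);
        }
        if (!allowedModes.contains(mode)) {
            out.add("cipher mode " + mode + " is not on the allowed list " + allowedModes);
        }
        if (!bits.isEmpty()) {
            if (!mode.equals("CFB") && !mode.equals("OFB")) {
                out.add("[bits] is only meaningful for CFB and OFB, not " + mode);
            } else if (Integer.parseInt(bits) % 8 != 0) {
                out.add("[bits] must be a multiple of 8, got " + bits);
            }
        }
        try {
            // The same lookup that would otherwise fail later, at first encrypt or decrypt.
            Cipher.getInstance(t);
        } catch (GeneralSecurityException e) {
            out.add("no installed JCE provider supports it: " + e.getMessage());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed allow-list for the demonstration.
        List<String> allowed = Arrays.asList("GCM", "CCM", "CBC");
        // The four transformation strings quoted in the text above, plus a malformed one.
        String[] samples = {
            "AES/ECB/NoPadding",
            "AES/CBC/PKCS5Padding",
            "DESede/OFB32/PKCS5Padding",
            "Blowfish-192/CFB8/PKCS5Padding",
            "AES-CBC",
        };
        for (String s : samples) {
            List<String> p = problems(s, allowed);
            System.out.println(s + " -> " + (p.isEmpty() ? "accepted" : p));
        }
    }
}
```

Only a string for which problems() returns an empty list would then be handed to setCipherTransformation().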
-
getPreferredJCEProvider
java.lang.String getPreferredJCEProvider()
Retrieve the preferred JCE provider for ESAPI and your application. ESAPI 2.0 now allows setting the property Encryptor.PreferredJCEProvider in the ESAPI.properties file, which will cause the specified JCE provider to be automatically and dynamically loaded (assuming that SecurityManager permissions allow) as the preferred JCE provider. (Note this only happens if the JCE provider is not already loaded.) This method returns the property Encryptor.PreferredJCEProvider. By default, this Encryptor.PreferredJCEProvider property is set to an empty string, which means that the preferred JCE provider is not changed.
- Returns:
- The property Encryptor.PreferredJCEProvider is returned.
- See Also:
SecurityProviderLoader
-
useMACforCipherText
boolean useMACforCipherText()
Determines whether the CipherText should be used with a Message Authentication Code (MAC). Generally this makes for a more robust cryptographic scheme, but there are some minor performance implications. Controlled by the ESAPI property Encryptor.CipherText.useMAC.
For further details, see the "Advanced Usage" section of "Why Is OWASP Changing ESAPI Encryption?".
- Returns:
- true if you want a MAC to be used, otherwise false.
-
overwritePlainText
boolean overwritePlainText()
Indicates whether the PlainText objects may be overwritten after they have been encrypted. Generally this is a good idea, especially if your VM is shared by multiple applications (e.g., multiple applications running in the same J2EE container) or if there is a possibility that your VM may leave a core dump (say because it is running non-native Java code).
Controlled by the property Encryptor.PlainText.overwrite in the ESAPI.properties file.
- Returns:
- True if it is OK to overwrite the PlainText objects after encrypting, false otherwise.
-
getIVType
java.lang.String getIVType()
Get a string indicating how to compute an Initialization Vector (IV). Currently supported modes are "random" to generate a random IV or "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the value of this fixed IV must be specified as the property Encryptor.fixedIV and be of the appropriate length.
- Returns:
- A string specifying the IV type. Should be "random" or "fixed".
- See Also:
getFixedIV()
-
getFixedIV
java.lang.String getFixedIV()
If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.
- Returns:
- The fixed IV as a hex-encoded string.
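What the choice between "random" and "fixed" means for the ciphertext, as an added example that is not ESAPI code: it decodes a hex-encoded IV, checks it against the cipher's block size (the "appropriate length" mentioned under getIVType()), and compares two ciphertexts of similar records under a fixed and a random IV. The class name, the IV value and the sample records are constructed, and plain JCE calls stand in for ESAPI's Encryptor.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/** Added example (not ESAPI code): fixed versus random IV under AES/CBC. */
public class IvTypeDemo {

    static final String XFORM = "AES/CBC/PKCS5Padding";

    /** Decodes the hex-encoded IV and checks its length against the cipher's block size. */
    static byte[] parseFixedIv(String hex) throws GeneralSecurityException {
        if (hex.length() % 2 != 0) {
            throw new IllegalArgumentException("odd number of hex digits");
        }
        byte[] iv = new byte[hex.length() / 2];
        for (int i = 0; i < iv.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("not a hex digit in byte " + i);
            }
            iv[i] = (byte) ((hi << 4) | lo);
        }
        int block = Cipher.getInstance(XFORM).getBlockSize();
        if (iv.length != block) {
            throw new IllegalArgumentException(
                    "IV is " + iv.length + " bytes, cipher needs " + block);
        }
        return iv;
    }

    static byte[] encrypt(SecretKey key, byte[] iv, String plaintext)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(XFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }

    /** Number of leading 16-byte blocks on which two ciphertexts agree. */
    static int sharedLeadingBlocks(byte[] a, byte[] b) {
        int n = 0;
        while ((n + 1) * 16 <= Math.min(a.length, b.length)) {
            for (int i = n * 16; i < (n + 1) * 16; i++) {
                if (a[i] != b[i]) {
                    return n;
                }
            }
            n++;
        }
        return n;
    }

    static byte[] randomIv(SecureRandom rng) {
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        SecureRandom rng = new SecureRandom();

        // Constructed sample records that differ only in the last field.
        String a = "account=1001;amount=250.00;memo=rent";
        String b = "account=1001;amount=250.00;memo=gift";

        // Constructed IV value, hex-encoded as getFixedIV() would return it.
        byte[] fixed = parseFixedIv("000102030405060708090a0b0c0d0e0f");
        System.out.println("fixed IV, shared leading blocks:  "
                + sharedLeadingBlocks(encrypt(key, fixed, a), encrypt(key, fixed, b)));
        System.out.println("random IV, shared leading blocks: "
                + sharedLeadingBlocks(encrypt(key, randomIv(rng), a),
                                      encrypt(key, randomIv(rng), b)));
    }
}
```

With the fixed IV the two ciphertexts agree on every block that precedes the first differing plaintext byte, so anyone who can read stored ciphertexts learns which records share a prefix; with a fresh random IV per message they do not.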
-
getCombinedCipherModes
java.util.List<java.lang.String> getCombinedCipherModes()
Return a List of strings of combined cipher modes that support both confidentiality and authenticity. These would be preferred cipher modes to use if your JCE provider supports them. If such a cipher mode is used, no explicit separate MAC is calculated as part of the CipherText object upon encryption nor is any attempt made to verify the same on decryption.
The list is taken from the comma-separated list of cipher modes specified by the ESAPI property Encryptor.cipher_modes.combined_modes.
- Returns:
- The parsed list of comma-separated cipher modes if the property was specified in ESAPI.properties; otherwise the empty list is returned.
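Why useMACforCipherText() matters for a mode such as CBC, and why a combined mode needs no separate MAC, as an added example that is not ESAPI code: the same one-bit change is applied to data protected three ways. The class name and sample message are constructed, and the HMAC shown is a generic encrypt-then-MAC over IV and ciphertext with its own key, not ESAPI's CipherText construction.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/** Added example (not ESAPI code): integrity with no MAC, with a MAC, and with a combined mode. */
public class IntegrityDemo {
    static final SecureRandom RNG = new SecureRandom();
    static final String CBC = "AES/CBC/PKCS5Padding";
    static final String GCM = "AES/GCM/NoPadding";

    static byte[] run(int opmode, String xform, SecretKey key, AlgorithmParameterSpec spec,
                      byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(xform);
        c.init(opmode, key, spec);
        return c.doFinal(in);
    }

    static byte[] fresh(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    static byte[] hmac(SecretKey macKey, byte[] iv, byte[] ct) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(iv);
        return mac.doFinal(ct);
    }

    /** CBC with no MAC: true if a modified IV still decrypts, to a different plaintext. */
    static boolean cbcAloneAcceptsChange(SecretKey key, byte[] msg)
            throws GeneralSecurityException {
        byte[] iv = fresh(16);
        byte[] ct = run(Cipher.ENCRYPT_MODE, CBC, key, new IvParameterSpec(iv), msg);
        iv[0] ^= 0x01; // one bit altered in storage or in transit
        byte[] pt = run(Cipher.DECRYPT_MODE, CBC, key, new IvParameterSpec(iv), ct);
        return !Arrays.equals(pt, msg);
    }

    /** CBC plus a MAC over IV and ciphertext: true if the change fails verification. */
    static boolean macCatchesChange(SecretKey key, SecretKey macKey, byte[] msg)
            throws GeneralSecurityException {
        byte[] iv = fresh(16);
        byte[] ct = run(Cipher.ENCRYPT_MODE, CBC, key, new IvParameterSpec(iv), msg);
        byte[] tag = hmac(macKey, iv, ct);
        iv[0] ^= 0x01;
        // Constant-time comparison; on mismatch the receiver never decrypts.
        return !MessageDigest.isEqual(tag, hmac(macKey, iv, ct));
    }

    /** Combined mode (GCM): true if the provider refuses the modified ciphertext. */
    static boolean gcmCatchesChange(SecretKey key, byte[] msg) throws GeneralSecurityException {
        GCMParameterSpec spec = new GCMParameterSpec(128, fresh(12));
        byte[] ct = run(Cipher.ENCRYPT_MODE, GCM, key, spec, msg);
        ct[0] ^= 0x01;
        try {
            run(Cipher.DECRYPT_MODE, GCM, key, spec, ct);
            return false;
        } catch (AEADBadTagException e) {
            return true;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        System.out.println("CBC alone accepts the change: " + cbcAloneAcceptsChange(key, msg));
        System.out.println("CBC + MAC detects the change: " + macCatchesChange(key, macKey, msg));
        System.out.println("GCM detects the change:       " + gcmCatchesChange(key, msg));
    }
}
```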
-
getAdditionalAllowedCipherModes
java.util.List<java.lang.String> getAdditionalAllowedCipherModes()
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by #getPreferredCipherModes()) to be used for encryption and decryption operations.
The list is taken from the comma-separated list of cipher modes specified by the ESAPI property Encryptor.cipher_modes.additional_allowed.
- Returns:
- The parsed list of comma-separated cipher modes if the property was specified in ESAPI.properties; otherwise the empty list is returned.
- See Also:
#getPreferredCipherModes()
-
getHashAlgorithm
java.lang.String getHashAlgorithm()
Gets the hashing algorithm used by ESAPI to hash data.
- Returns:
- the current hashing algorithm
-
getHashIterations
int getHashIterations()
Gets the hash iterations used by ESAPI to hash data.
- Returns:
- the current hashing algorithm
-
getKDFPseudoRandomFunction
java.lang.String getKDFPseudoRandomFunction()
Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
- Returns:
- The KDF PRF algorithm name.
-
getCharacterEncoding
java.lang.String getCharacterEncoding()
Gets the character encoding scheme supported by this application. This is used to set the character encoding scheme on requests and responses when setCharacterEncoding() is called on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs and any other place where the current encoding scheme needs to be known.
Note: This does not get the configured response content type. That is accessed by calling getResponseContentType().
- Returns:
- the current character encoding scheme
-
getAllowMultipleEncoding
boolean getAllowMultipleEncoding()
Return true if multiple encoding is allowed.
- Returns:
- whether multiple encoding is allowed when canonicalizing data
-
getAllowMixedEncoding
boolean getAllowMixedEncoding()
Return true if mixed encoding is allowed.
- Returns:
- whether mixed encoding is allowed when canonicalizing data
-
getDefaultCanonicalizationCodecs
java.util.List<java.lang.String> getDefaultCanonicalizationCodecs()
Returns the List of Codecs to use when canonicalizing data.
- Returns:
- the codec list
-
getDigitalSignatureAlgorithm
java.lang.String getDigitalSignatureAlgorithm()
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
- Returns:
- the current digital signature algorithm
-
getDigitalSignatureKeyLength
int getDigitalSignatureKeyLength()
Gets the digital signature key length used by ESAPI to generate and verify signatures.
- Returns:
- the current digital signature key length
-
getRandomAlgorithm
java.lang.String getRandomAlgorithm()
Gets the random number generation algorithm used to generate random numbers where needed.
- Returns:
- the current random number generation algorithm
-
getAllowedLoginAttempts
int getAllowedLoginAttempts()
Gets the number of login attempts allowed before the user's account is locked. If this many failures are detected within the allotted time period, the user's account will be locked.
- Returns:
- the number of failed login attempts that cause an account to be locked
-
getMaxOldPasswordHashes
int getMaxOldPasswordHashes()
Gets the maximum number of old password hashes that should be retained. These hashes can be used to ensure that the user doesn't reuse the specified number of previous passwords when they change their password.
- Returns:
- the number of old hashed passwords to retain
-
getDisableIntrusionDetection
boolean getDisableIntrusionDetection()
Allows for complete disabling of all intrusion detection mechanisms.
- Returns:
- true if intrusion detection should be disabled
-
getQuota
SecurityConfiguration.Threshold getQuota(java.lang.String eventName)
Gets the intrusion detection quota for the specified event.
- Parameters:
eventName
- the name of the event whose quota is desired
- Returns:
- the Quota that has been configured for the specified type of event
-
getResourceFile
java.io.File getResourceFile(java.lang.String filename)
Gets a file from the resource directory.
- Parameters:
filename
- The file name resource.
- Returns:
- A File object representing the specified file name or null if not found.
-
getForceHttpOnlySession
boolean getForceHttpOnlySession()
Forces new cookies to have HttpOnly flag set.
-
getForceSecureSession
boolean getForceSecureSession()
Forces session cookies to have Secure flag set.
-
getForceHttpOnlyCookies
boolean getForceHttpOnlyCookies()
Forces new cookies to have HttpOnly flag set.
-
getForceSecureCookies
boolean getForceSecureCookies()
Forces new cookies to have Secure flag set.
-
getMaxHttpHeaderSize
int getMaxHttpHeaderSize()
Returns the maximum allowable HTTP header size.
-
getResourceStream
java.io.InputStream getResourceStream(java.lang.String filename) throws java.io.IOException
Gets an InputStream to a file in the resource directory.
- Parameters:
filename
- A file name in the resource directory.
- Returns:
- An InputStream to the specified file name in the resource directory.
- Throws:
java.io.IOException
- If the specified file name cannot be found or opened for reading.
-
setResourceDirectory
void setResourceDirectory(java.lang.String dir)
Sets the ESAPI resource directory.
- Parameters:
dir
- The location of the resource directory.
-
getResponseContentType
java.lang.String getResponseContentType()
Gets the content type for responses used when setSafeContentType() is called.
Note: This does not get the configured character encoding scheme. That is accessed by calling getCharacterEncoding().
- Returns:
- The current content-type set for responses.
-
getHttpSessionIdName
java.lang.String getHttpSessionIdName()
This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
- Returns:
- The name of the session identifier, like "JSESSIONID"
-
getRememberTokenDuration
long getRememberTokenDuration()
Gets the length of the time to live window for remember me tokens (in milliseconds).
- Returns:
- The time to live length for generated remember me tokens.
-
getSessionIdleTimeoutLength
int getSessionIdleTimeoutLength()
Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate function that enables a session to continue after reauthentication.
- Returns:
- The session idle timeout length.
-
getSessionAbsoluteTimeoutLength
int getSessionAbsoluteTimeoutLength()
Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session can live before it expires regardless of the amount of user activity. Applications or frameworks could provide a reauthenticate function that enables a session to continue after reauthentication.
- Returns:
- The session absolute timeout length.
-
getLogEncodingRequired
boolean getLogEncodingRequired()
Returns whether HTML entity encoding should be applied to log entries.
- Returns:
- True if log entries are to be HTML Entity encoded. False otherwise.
-
getLogApplicationName
boolean getLogApplicationName()
Returns whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
- Returns:
- True if ESAPI should log the application name, False otherwise
-
getLogServerIP
boolean getLogServerIP()
Returns whether ESAPI should log the server IP. This might be clutter in some single-server environments.
- Returns:
- True if ESAPI should log the server IP and port, False otherwise
-
getLogLevel
int getLogLevel()
Returns the current log level.
- Returns:
- An integer representing the current log level.
-
getLogFileName
java.lang.String getLogFileName()
Get the name of the log file specified in the ESAPI configuration properties file. Return a default value if it is not specified.
- Returns:
- the log file name defined in the properties file.
-
getMaxLogFileSize
int getMaxLogFileSize()
Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value if it is not specified. Once the log hits this file size, it will roll over into a new log.
- Returns:
- the maximum size of a single log file (in bytes).
-
getWorkingDirectory
java.io.File getWorkingDirectory()
Returns the default working directory for executing native processes with Runtime.exec().
-
-