Where is the ESAPI.properties file? (Doc ID 1630555.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle WebCenter Sites - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Goal

According to http://docs.oracle.com/cd/E29542_01/doc.1111/e29636/sites_security.htm#CDDFGEBJ

"The Sites server employs the Enterprise Security API to check for and prevent security vulnerabilities that may occur from injection of malicious web data. The validation can be customized to meet tighter control over the content of HTTP headers and incoming data. The validation expressions contained in the ESAPI.properties file can be modified; this file is included when you install the Sites server. This file resides in the Sites WEB-INF/classes folder.

Further information about ESAPI is available at the following link: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API"


1) According to the statement above, ESAPI.properties can be customized , but where is this file ? It is not in WEB-INF/Classes folder as the documentation says.
2) Is the product bringing two APIs for the same purpose , "antysami" and ESAPI ??
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms