Last updated on NOVEMBER 03, 2016
Applies to:Oracle WebCenter Sites - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
According to http://docs.oracle.com/cd/E29542_01/doc.1111/e29636/sites_security.htm#CDDFGEBJ
"The Sites server employs the Enterprise Security API to check for and prevent security vulnerabilities that may occur from injection of malicious web data. The validation can be customized to meet tighter control over the content of HTTP headers and incoming data. The validation expressions contained in the ESAPI.properties file can be modified; this file is included when you install the Sites server. This file resides in the Sites WEB-INF/classes folder.
Further information about ESAPI is available at the following link: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API"
1) According to the statement above, ESAPI.properties can be customized , but where is this file ? It is not in WEB-INF/Classes folder as the documentation says.
2) Is the product bringing two APIs for the same purpose , "antysami" and ESAPI ??
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms