Where is the ESAPI.properties file?
(Doc ID 1630555.1)
Last updated on JULY 12, 2024
Applies to:
Oracle WebCenter Sites - Version 11.1.1.8.0 and laterInformation in this document applies to any platform.
Goal
According to http://docs.oracle.com/cd/E29542_01/doc.1111/e29636/sites_security.htm#CDDFGEBJ
"The Sites server employs the Enterprise Security API to check for and prevent security vulnerabilities that may occur from injection of malicious web data. The validation can be customized to meet tighter control over the content of HTTP headers and incoming data. The validation expressions contained in the ESAPI.properties file can be modified; this file is included when you install the Sites server. This file resides in the Sites WEB-INF/classes folder.
Further information about ESAPI is available at the following link: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API"
1) According to the statement above, ESAPI.properties can be customized , but where is this file ? It is not in WEB-INF/Classes folder as the documentation says.
2) Is the product bringing two APIs for the same purpose , "antysami" and ESAPI ??
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |