Closed GoogleCodeExporter closed 8 years ago
Clarification: setProperty() and getProperty() methods should not simply throw
RuntimeException for failed encryption / decryption. Rather, they should throw
some new _subclass_ of RuntimeException; e.g., EncryptionRuntimeException.
Furthermore this unchecked exception should be declared in the method signature
(even though it is not strictly required) as well as being described in the
methods' javadoc. This will make it easier for developers to handle that
exception if they should so desire.
Original comment by kevin.w.wall@gmail.com
on 11 Oct 2010 at 9:09
Three new classes attached for review. It took a while to dig through all the
methods of Properties and Hashtable (especially put()) to come up with suitable
replacements.
Original comment by augu...@gmail.com
on 12 Oct 2010 at 4:07
Attachments:
Updated test case, based on the one for DefaultEncryptedProperties. All tests
pass.
Original comment by augu...@gmail.com
on 12 Oct 2010 at 4:08
Attachments:
These changes look good to me - unless I see comments to the contrary I will
plan on commiting this to the trunk this evening at 6pm MST.
Original comment by chrisisbeef
on 13 Oct 2010 at 8:34
Checked in 4 files. In source:
org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
org/owasp/esapi/errors/EncryptionRuntimeException.jav
org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
In test:
org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
Original comment by augu...@gmail.com
on 13 Oct 2010 at 10:26
Also just checked in several more tests and a command line utility class for
creating, reading and writing encrypted properties files and converting
plaintext to encrypted properties.
Original comment by augu...@gmail.com
on 14 Oct 2010 at 3:23
Original issue reported on code.google.com by
augu...@gmail.com
on 11 Oct 2010 at 7:30