demba90 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Sign and Seal ESAPI JAR #182

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I think there's several places that it could help. Some things I am thinking of:

1) Start with ESAPI signing and sealing its own jar. You have to
   eat your own dog food to get any credibility.
2) Provide ESAPI class that checks the validity of a signed jar file
   at runtime. Enable it by default to check ESAPI jar the first time
   it is loaded. (This is pretty easy to do.)
3) Provide a class loader that does various security checks on loaded
   jars; e.g., make sure that jars are loaded from "secure" directories,
   make sure directories in class path are fully-qualified, if jar is    
   signed,validate signature of jar.

Original issue reported on code.google.com by manico.james@gmail.com on 11 Nov 2010 at 3:16

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 11 Nov 2010 at 1:54

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 29 May 2012 at 3:22