forked from nomadinjax/esapi4cf
joebrislin/cfesapi
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
OWASP Enterprise Security API (ESAPI) OWASP ESAPI for ColdFusion/CFML Project Purpose: This is the ColdFusion/CFML language version of OWASP ESAPI. = The current release of this project *is not* suitable for production use = License: BSD license https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML *** SETUP/USAGE *** Setup: 1. Ensure that J2EE session variables be enabled! You will not be able to authenticate if this is disabled. 2. The cfesapi folder should sit at the webroot level. 3. Copy /cfesapi/esapi/esapi-2.0.1.jar and selected files from /cfesapi/esapi/libs/ to your lib folder (see compatibility below). 4. Restart ColdFusion. NOTE: there are folders included with CFESAPI that you will want to exclude from your production environment Tests: - You will need to create an 'esapi' folder under your User Home directory so the users.txt file can be written to disk i.e. C:\Users\myusername\esapi\ - You can run the MXUnit tests using: /cfesapi/test/TestSuite.cfm Demos: - See the /cfesapi/demo/ for basic examples of implementation. **Be sure to have https setup else you can't login.** Implementation: - You can extend any of the default implementations to overwrite the methods you need and/or - You can create new implementations that implement the provided interfaces How: - Copy the /cfesapi/esapi/configuration/esapi/ folder to a location within your CF application and make changes to your copy of the config files - ESAPI.properties - IMPORTANT: Run /cfesapi/org/owasp/esapi/reference/crypto/JavaEncryptor.cfm to calculate your *own* Encryptor.MasterKey and Encryptor.MasterSalt values - Update the component paths with the location of your implementation components - Modify other configs as needed - Include the /cfesapi/helpers/ESAPI.cfm in your application - Call the filters provided by CFESAPI to secure and authenticate each request. - See demos for examples Tips: - You can determine whether unlimited strength crypto is installed by running: /cfesapi/test/org/owasp/esapi/reference/crypto/CryptoPolicy.cfm *** COMPATIBILITY *** ************************** * Railo ColdFusion 3.2.3 * ************************** MXUnit Test Results - 10 failures + 1 errors + 264 successes (55-65s) Dependencies (place in [webroot]\WEB-INF\railo\lib) - ESAPI.jar - antisamy.jar - batik-css.jar - batik-util.jar - commons-beanutils.jar - commons-configuration.jar - nekohtml.jar - xercesImpl.jar ************************** * Adobe ColdFusion 9.0.1 * ************************** MXUnit Test Results - 10 failures + 0 errors + 265 successes (60-70s) Dependencies (place in [webroot]\WEB-INF\cfusion\lib) - ESAPI.jar (http://kb2.adobe.com/cps/907/cpsid_90784.html adds version esapi-2.0_rc10.jar which may conflict with our jar - SOLUTION?) - antisamy.jar - batik-css.jar - batik-util.jar - commons-configuration.jar ************************** * Adobe ColdFusion 8.0.1 * ************************** MXUnit Test Results - 9 failures + 1 errors + 265 successes (70-80s) Dependencies (place in [webroot]\WEB-INF\cfusion\lib) - ESAPI.jar (http://kb2.adobe.com/cps/907/cpsid_90784.html adds version esapi-2.0_rc10.jar which may conflict with our jar - SOLUTION?) - antisamy.jar - batik-css.jar - batik-util.jar - commons-beanutils.jar - commons-collections.jar (ACF8 has 2.1 but 3.2 is required) - commons-configuration.jar - commons-lang.jar - nekohtml.jar
About
OWASP Enterprise Security API for ColdFusion/CFML Project
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- ColdFusion 100.0%