|
23 | 23 | import java.util.regex.Pattern; |
24 | 24 |
|
25 | 25 | /** |
26 | | - * The SecurityConfiguration interface stores all configuration information |
| 26 | + * The {@code SecurityConfiguration} interface stores all configuration information |
27 | 27 | * that directs the behavior of the ESAPI implementation. |
28 | 28 | * <br><br> |
29 | 29 | * Protection of this configuration information is critical to the secure |
|
33 | 33 | * <br><br> |
34 | 34 | * Please note that adding another layer of encryption does not make the |
35 | 35 | * attackers job much more difficult. Somewhere there must be a master "secret" |
36 | | - * that is stored unencrypted on the application platform. Creating another |
37 | | - * layer of indirection doesn't provide any real additional security. Its up to the |
38 | | - * reference implementation to decide whether this file should be encrypted or not. |
39 | | - * The ESAPI reference implementation (DefaultSecurityConfiguration.java) does not encrypt |
40 | | - * its properties file. |
| 36 | + * that is stored unencrypted on the application platform (unless you are |
| 37 | + * willing to prompt for some passphrase when you application starts or insert |
| 38 | + * a USB thumb drive or an HSM card, etc., in which case this master "secret" |
| 39 | + * it would only be in memory). Creating another layer of indirection provides |
| 40 | + * additional obfuscation, but doesn't provide any real additional security. |
| 41 | + * It's up to the reference implementation to decide whether this file should |
| 42 | + * be encrypted or not. |
| 43 | + * <br><br> |
| 44 | + * The ESAPI reference implementation (DefaultSecurityConfiguration.java) does |
| 45 | + * <i>not</i> encrypt its properties file. |
41 | 46 | * |
42 | 47 | * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a |
43 | 48 | * href="http://www.aspectsecurity.com">Aspect Security</a> |
@@ -86,11 +91,6 @@ public interface SecurityConfiguration { |
86 | 91 | * Returns the fully qualified classname of the ESAPI Encryption implementation. |
87 | 92 | */ |
88 | 93 | public String getEncryptionImplementation(); |
89 | | - |
90 | | - /** |
91 | | - * Returns the fully qualified classname of the ESAPI CipherText implementation. |
92 | | - */ |
93 | | - public String getCipherTextImplementation(); |
94 | 94 |
|
95 | 95 | /** |
96 | 96 | * Returns the fully qualified classname of the ESAPI Validation implementation. |
@@ -257,20 +257,36 @@ public interface SecurityConfiguration { |
257 | 257 | */ |
258 | 258 | public String setCipherTransformation(String cipherXform); |
259 | 259 |
|
260 | | -// TODO - DISCUSS: Where should this web page go? Maybe with the Javadoc? But where? |
| 260 | +// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where? |
261 | 261 | // Think it makes more sense as part of the release notes, but OTOH, I |
262 | 262 | // really don't want to rewrite this as a Wiki page either. |
263 | 263 | /** |
264 | 264 | * Determines whether the {@code CipherText} should be used with a Message |
265 | | - * Integrity Code (MIC). Generally this makes for a more robust cryptographic |
| 265 | + * Authentication Code (MAC). Generally this makes for a more robust cryptographic |
266 | 266 | * scheme, but there are some minor performance implications. |
267 | 267 | * For further details, see the "Advanced Usage" section of |
268 | 268 | * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html"> |
269 | | - * Why Is OWASP Changing ESAPI Encryption?</a>. |
| 269 | + * "Why Is OWASP Changing ESAPI Encryption?"</a>. |
270 | 270 | * @return {@code true} if a MIC should be used, otherwise {@code false}. |
271 | 271 | */ |
272 | | - public boolean useMICforCipherText(); |
| 272 | + public boolean useMACforCipherText(); |
273 | 273 |
|
| 274 | + /** |
| 275 | + * Indicates whether the {@code PlainText} objects may be overwritten after |
| 276 | + * they have been encrypted. Generally this is a good idea, especially if |
| 277 | + * your VM is shared by multiple applications (e.g., multiple applications |
| 278 | + * running in the same J2EE container) or if there is a possibility that |
| 279 | + * your VM may leave a core dump (say because it is running non-native |
| 280 | + * Java code. |
| 281 | + * <p> |
| 282 | + * Controlled by the property {@code Encryptor.PlainText.overwrite} in |
| 283 | + * the {@code ESAPI.properties} file. |
| 284 | + * </p> |
| 285 | + * @return True if it is OK to overwrite the {@code PlainText} objects |
| 286 | + * after encrypting, false otherwise. |
| 287 | + */ |
| 288 | + public boolean overwritePlainText(); |
| 289 | + |
274 | 290 | /** |
275 | 291 | * Get a string indicating how to compute an Initialization Vector (IV). |
276 | 292 | * Currently supported modes are "random" to generate a random IV or |
|
0 commit comments