Using ESAPI in CF10/11 for sanitizing input

LEGEND, Sep 08, 2015


Hello, all,

The boss has given me the green light for getting rid of Portcullis in favor of ESAPI.  GREAT!!

But all the documentation I've been looking at isn't really helping me to implement it.

What we did have set up with Portcullis was in Application.cfc.  During the onRequestStart(), it checked to see if Portcullis was defined (init it if it wasn't), then passed URL and FORM scopes to Portcullis for scanning.  If Portcullis found something that shouldn't be there, it redirected to the home page.

I'm leaning towards using ESAPI for sanitizing input, not detecting and redirecting.  Is there a way to set ESAPI up to scan entire FORM or URL scoped values within the Application.cfc?   Or am I doomed to going to every form processing page and adding the sanitization to every form or url value?

V/r,

^_^
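One way to do what the post asks, added here as an example and not code from the thread or from the ESAPI project: ColdFusion 10 ships ESAPI and exposes it through the built-in canonicalize() and encodeFor*() functions, so an Application.cfc can canonicalize every FORM and URL value once in onRequestStart() (and flag multiple or mixed encoding, which is what a filter bypass usually looks like), while leaving the context-specific encoding to the page that actually outputs the value. The application name, the log file name and the redirect-to-home behaviour are assumptions; the exception on restrictMultiple/restrictMixed follows the CF10 documentation for canonicalize() (CF11 adds a throwOnError argument, assumed to keep its default).

```cfml
<!--- Application.cfc: added example, not part of the original post --->
component {
    this.name = "esapiCanonicalizeDemo";   // assumed application name

    // Canonicalize every simple value in a scope (FORM or URL) in place.
    // Structs are passed by reference in CFML, so the caller's scope is updated.
    // Returns true when any value used multiple or mixed encoding, e.g. %253C
    // (double URL encoding) or &#x3C;%3E (HTML entity mixed with URL encoding).
    public boolean function canonicalizeScope(required struct scope) {
        var suspicious = false;
        var key = "";
        for (key in arguments.scope) {
            // File uploads, arrays and structs are left untouched
            if (!isSimpleValue(arguments.scope[key])) continue;
            try {
                // restrictMultiple=true, restrictMixed=true: ESAPI throws instead of
                // silently decoding layered encodings
                arguments.scope[key] = canonicalize(arguments.scope[key], true, true);
            } catch (any e) {
                suspicious = true;
                // "intrusion" is an assumed log file name (see <cf_root>/logs/intrusion.log)
                writeLog(file="intrusion", type="warning",
                         text="Multiple/mixed encoding in parameter '#key#': #e.message#");
            }
        }
        return suspicious;
    }

    public boolean function onRequestStart(required string targetPage) {
        // Decode once at the request boundary. Do NOT HTML-encode here: the correct
        // encoder depends on where the value ends up (encodeForHTML, encodeForHTMLAttribute,
        // encodeForJavaScript, encodeForURL ...), so output encoding stays in the page.
        var formTampered = canonicalizeScope(form);
        var urlTampered  = canonicalizeScope(url);
        if (formTampered || urlTampered) {
            // Same behaviour the post describes for Portcullis: send the request home
            location(url="/", addToken=false);
        }
        return true;
    }
}
```

With this in place the form-processing pages still need to encode on output, for example encodeForHTML(form.comment) when the value is written into a page body, because canonicalization only removes encoding layers; it does not make a value safe for any particular context. Keeping the check in one place does, however, give a single log line per tampered request, which is the signal a monitoring rule can key on.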

