On Tue, Jan 31, 2017 at 5:34 PM, Manuranga Perera <m...@wso2.com> wrote:

> UUF automatically escapes sensitive characters [1]. Please don't use
> 'encoding' for 'escaping'.
>
> [1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82
>
> On Tue, Jan 31, 2017 at 5:23 PM, Jayanga Kaushalya <jayan...@wso2.com>
> wrote:
>
>> Hi Manuranga,
>>
>> This is not because of a security reason. The security question set id
>> may contain HTML special characters. So the set id is sent to the UI after
>> encoding to Base64.
>>
>> Thanks!
>>
>> *Jayanga Kaushalya*
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera <m...@wso2.com> wrote:
>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Manuranga Perera <m...@wso2.com>
>>> Date: Tue, Jan 31, 2017 at 5:11 PM
>>> Subject: Security questions are encoded
>>> To: Johann Nallathamby <joh...@wso2.com>, Jayanga Kaushalya <
>>> jayan...@wso2.com>, Isura Karunaratne <is...@wso2.com>
>>>
>>>
>>> Security questions are base64 encoded [1]. If they are encrypted (e.g.
>>> RSA) or hashed (e.g. SHA) I can understand that it's for security reasons.
>>> All this does is obfuscation, poorly even at that, since base64 can be
>>> easily decoded.
>>>
>>> Or is it done for non-security reasons, like escaping special characters?
>>>
>>> [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/osgi-services/org.wso2.is.portal.user.client.api/src/main/java/org/wso2/is/portal/user/client/api/ChallengeQuestionManagerClientServiceImpl.java#L113
>>>
>>> --
>>> With regards,
>>> *Manu*ranga Perera.
>>>
>>> phone : 071 7 70 20 50
>>> mail : m...@wso2.com
>>>
>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : m...@wso2.com
>



-- 
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : m...@wso2.com
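
The encoding-versus-escaping distinction discussed in this thread, as an added example that is not part of the original messages or of the WSO2 or Handlebars.java code. It uses only the JDK; the class name, helper names and the sample set ID are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class EncodingVsEscaping {

    // Base64 is a keyless, reversible transport encoding.
    static String toBase64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    static String fromBase64(String s) {
        return new String(Base64.getDecoder().decode(s), StandardCharsets.UTF_8);
    }

    // Minimal HTML escaper written for this example (element text and quoted
    // attribute values); a template engine's auto-escaping normally does this.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a set ID that contains HTML special characters.
        String setId = "http://example.test/challenge?set=<q1>&locale=\"en\"";

        // Encoding: the result looks opaque, but anyone can reverse it without a key.
        String encoded = toBase64(setId);
        System.out.println("base64   : " + encoded);
        System.out.println("reversed : " + fromBase64(encoded).equals(setId));

        // Escaping: applied when the value is written into HTML; the browser
        // shows the original characters and there is no decode step to forget.
        System.out.println("escaped  : " + escapeHtml(setId));

        // A decoded value is raw again, so it still needs escaping before it
        // is placed in markup.
        System.out.println("decoded then escaped: " + escapeHtml(fromBase64(encoded)));
    }
}
```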