On Tue, Jan 31, 2017 at 5:34 PM, Manuranga Perera <[email protected]> wrote:
> UUF automatically escapes sensitive characters [1]. Please don't use
> 'encoding' for 'escaping'.
>
> [1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82
>
> On Tue, Jan 31, 2017 at 5:23 PM, Jayanga Kaushalya <[email protected]> wrote:
>
>> Hi Manuranga,
>>
>> This is not because of a security reason. The security question set id
>> may contain HTML special characters. So the set id is sent to the UI after
>> encoding to Base64.
>>
>> Thanks!
>>
>> *Jayanga Kaushalya*
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera <[email protected]> wrote:
>>
>>> ---------- Forwarded message ----------
>>> From: Manuranga Perera <[email protected]>
>>> Date: Tue, Jan 31, 2017 at 5:11 PM
>>> Subject: Security questions are encoded
>>> To: Johann Nallathamby <[email protected]>, Jayanga Kaushalya <[email protected]>, Isura Karunaratne <[email protected]>
>>>
>>> Security questions are base64 encoded [1]. If they are encrypted (e.g.
>>> RSA) or hashed (e.g. SHA) I can understand that it's for security reasons.
>>> All this does is obfuscation, poorly even at that, since base64 can be
>>> easily decoded.
>>>
>>> Or is it done for non-security reasons, like escaping special characters?
>>>
>>> [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/osgi-services/org.wso2.is.portal.user.client.api/src/main/java/org/wso2/is/portal/user/client/api/ChallengeQuestionManagerClientServiceImpl.java#L113
>>>
>>> --
>>> With regards,
>>> *Manu*ranga Perera.
>>>
>>> phone : 071 7 70 20 50
>>> mail : [email protected]
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : [email protected]
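
The distinction drawn in this thread, shown as an added example that is not part of the original messages and is not WSO2 or Handlebars.java code: Base64 is a keyless, reversible transport encoding, while escaping is applied at output for a specific context. `SET_ID` is a constructed sample value and `escapeHtml` is a hypothetical minimal escaper written for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class EncodingVsEscaping {

    // Constructed sample: a question set id containing HTML special characters.
    static final String SET_ID = "http://example.org/claims/<city> & \"pet\"";

    // Transport encoding: no key is involved, so anyone can reverse it.
    static String toBase64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    static String fromBase64(String b64) {
        return new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    }

    // Hypothetical minimal escaper for HTML element content and quoted
    // attribute values. It is context-specific: it is not sufficient for
    // URLs, JavaScript strings or CSS.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String b64 = toBase64(SET_ID);
        // The value sent to the UI is recoverable by anyone who can read it.
        System.out.println("base64     : " + b64);
        System.out.println("decoded    : " + fromBase64(b64));
        System.out.println("round trip : " + SET_ID.equals(fromBase64(b64)));
        // Escaping at render time keeps the id readable and inert as markup.
        System.out.println("escaped    : " + escapeHtml(SET_ID));
        // Once decoded on the client or server, the original special
        // characters are back, so output escaping is still required there.
        System.out.println("re-escaped : " + escapeHtml(fromBase64(b64)));
    }
}
```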
