/// <inheritdoc cref="Owasp.Esapi.Interfaces.IAccessReferenceMap.AddDirectReference(object)"/> public string AddDirectReference(object direct) { if (direct == null) { throw new ArgumentNullException("direct"); } string indirect = random.GetRandomString(6, CharSetValues.Alphanumerics); itod[indirect] = direct; dtoi[direct] = indirect; return(indirect); }
/// <summary> Adds a direct reference and a new random indirect reference, overwriting any existing values.</summary> /// <param name="direct"> /// The direct reference. /// </param> public void AddDirectReference(string direct) { string indirect = random.GetRandomString(6, Encoder.CHAR_ALPHANUMERICS); itod[indirect] = direct; dtoi[direct] = indirect; }
public void Test_GetRandomString() { System.Console.Out.WriteLine("GetRandomString"); int length = 20; IRandomizer randomizer = Esapi.Randomizer; for (int i = 0; i < 100; i++) { string result = randomizer.GetRandomString(length, Owasp.Esapi.CharSetValues.Alphanumerics); Assert.AreEqual(length, result.Length); } }
private string GenerateStrongPassword(string oldPassword) { IRandomizer randomizer = Owasp.Esapi.Esapi.Randomizer(); string newPassword = ""; int num = 10; for (int index = 0; index < num; ++index) { try { newPassword = randomizer.GetRandomString(8, Encoder.CHAR_PASSWORD); VerifyPasswordStrength(newPassword, oldPassword); return(newPassword); } catch (AuthenticationException ex) { Authenticator.logger.LogDebug(ILogger_Fields.SECURITY, "Password generator created weak password: "******". Regenerating.", (Exception)ex); } } Authenticator.logger.LogCritical(ILogger_Fields.SECURITY, "Strong password generation failed after " + (object)num + " attempts"); return((string)null); }
/// <summary> Generates a strong password, different from the previous password. /// /// </summary> /// <param name="oldPassword">The old password for the user. /// </param> /// <returns> The cryptographically strong password. /// </returns> private string GenerateStrongPassword(string oldPassword) { IRandomizer r = Esapi.Randomizer(); string newPassword = ""; int limit = 10; for (int i = 0; i < limit; i++) { try { newPassword = r.GetRandomString(8, Encoder.CHAR_PASSWORD); VerifyPasswordStrength(newPassword, oldPassword); return(newPassword); } catch (AuthenticationException e) { logger.LogDebug(ILogger_Fields.SECURITY, "Password generator created weak password: "******". Regenerating.", e); } } logger.LogCritical(ILogger_Fields.SECURITY, "Strong password generation failed after " + limit + " attempts"); return(null); }