org.owasp.esapi.reference.RandomAccessReferenceMap Maven / Gradle / Ivy
/**
* OWASP Enterprise Security API (ESAPI)
*
* This file is part of the Open Web Application Security Project (OWASP)
* Enterprise Security API (ESAPI) project. For details, please see
* http://www.owasp.org/index.php/ESAPI.
*
* Copyright (c) 2007 - The OWASP Foundation
*
* The ESAPI is published by OWASP under the BSD license. You should read and accept the
* LICENSE before you use, modify, and/or redistribute this software.
*
* @author Jeff Williams Aspect Security
* @created 2007
*/
package org.owasp.esapi.reference;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.EncoderConstants;
import java.util.Set;
/**
* Reference implementation of the AccessReferenceMap interface. This
* implementation generates random 6 character alphanumeric strings for indirect
* references. It is possible to use simple integers as indirect references, but
* the random string approach provides a certain level of protection from CSRF
* attacks, because an attacker would have difficulty guessing the indirect
* reference.
*
* @author Jeff Williams ([email protected])
* @author Chris Schmidt ([email protected])
* @see org.owasp.esapi.AccessReferenceMap
* @since June 1, 2007
*/
public class RandomAccessReferenceMap extends AbstractAccessReferenceMap
{
private static final long serialVersionUID = 8544133840739803001L;
public RandomAccessReferenceMap(int initialSize)
{
super(initialSize);
}
/**
* This AccessReferenceMap implementation uses short random strings to
* create a layer of indirection. Other possible implementations would use
* simple integers as indirect references.
*/
public RandomAccessReferenceMap()
{
// call update to set up the references
}
public RandomAccessReferenceMap(Set