a9fe7e6099 
					 
					
						
						
							
							Implement non-coding modes for the labs  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@211  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:57:57 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f62eb33c4b 
					 
					
						
						
							
							Commit Dave's fixes  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@210  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:57:17 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d9979e46ed 
					 
					
						
						
							
							Another place where we need to compare without case  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@209  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:56:51 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b67bb702d2 
					 
					
						
						
							
							Fix more places where the email address was hard-coded  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@208  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:56:35 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6de7bd9ec9 
					 
					
						
						
							
							Fix the feedback address in other places  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@207  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:56:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d65f5bfd85 
					 
					
						
						
							
							Make the stages not right aligned  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@206  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:55:57 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7fd112bc5d 
					 
					
						
						
							
							Update Random Access Lessons to not include the stage number in the text  
						
						... 
						
						
						
						We add the stage number programmatically now, since we want to be able
to skip some stages.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@205  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:55:49 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						add34a24dc 
					 
					
						
						
							
							Make the test for the Auth header name case-insensitive  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@204  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-25 12:55:18 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						043c0e5926 
					 
					
						
						
							
							Remove Microsoft quotes  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@203  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:37:58 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fb76b4916f 
					 
					
						
						
							
							Unify web.xml files. Also update the webgoat contact email address  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@202  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:37:42 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f9b5f8eddf 
					 
					
						
						
							
							Show completion of individual lesson stages  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@201  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:37:31 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a2f99be11a 
					 
					
						
						
							
							Remove unnecessary setMessage() calls  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@200  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:37:24 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f831487fa2 
					 
					
						
						
							
							Add descriptions to the stages  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@199  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:36:42 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						002dbbf53c 
					 
					
						
						
							
							Point the windows config file to use the HSQLDB database  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@198  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:36:11 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5fd4b44303 
					 
					
						
						
							
							Fix line endings  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@197  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:36:02 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c65faceb1a 
					 
					
						
						
							
							A recent change to AbstractLesson.getLink() broke visit tracking  
						
						... 
						
						
						
						Fix the lesson tracking to be more specific.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@196  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:35:42 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c1ddbd078f 
					 
					
						
						
							
							Correctly specify an in-memory database  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@195  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:35:31 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ee8e9d91bb 
					 
					
						
						
							
							Mark SequentialLessonAdapter as abstract to prevent instantiation  
						
						... 
						
						
						
						Otherwise it shows up as an "Untitled Lesson"
git-svn-id: http://webgoat.googlecode.com/svn/trunk@194  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:35:22 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0c2e04c655 
					 
					
						
						
							
							Remove unused import  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@193  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:35:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7af27f7d1b 
					 
					
						
						
							
							Make per-user in-memory databases actually work  
						
						... 
						
						
						
						Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@192  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:34:53 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cf047786f3 
					 
					
						
						
							
							An INSERT statement cannot be executed as a query  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@191  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:34:31 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d04371884b 
					 
					
						
						
							
							Allow WebGoat to create per-user databases  
						
						... 
						
						
						
						This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.
This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@190  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:34:14 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9d19fa2433 
					 
					
						
						
							
							Remove unused code to clean up warnings  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@189  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:33:14 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9e352396d3 
					 
					
						
						
							
							Remove warnings by generic'ising users of Collections classes  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@188  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:32:59 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e41a5ca395 
					 
					
						
						
							
							Removed unused code that was generating warnings  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@187  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:32:31 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4a70fdac26 
					 
					
						
						
							
							Add automatically generated serialVersionUID to silence warnings  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@186  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:32:08 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d709ff9506 
					 
					
						
						
							
							Fix warnings  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@185  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:31:42 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9ea97126b8 
					 
					
						
						
							
							Use AbstractLesson.getLink() and getFormAction() more  
						
						... 
						
						
						
						Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@184  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:31:11 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e27aaccb45 
					 
					
						
						
							
							Make multi-stage lessons show the individual stages in the menu  
						
						... 
						
						
						
						While we are about it, make AbstractLesson.getLink() include
the category (i.e. menu), so that the menu selection script
will still work.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@183  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:29:53 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						77ab0c5406 
					 
					
						
						
							
							Update stage completion message  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@182  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:29:33 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						84f3b5033d 
					 
					
						
						
							
							Minor changes to the challenge screen  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@181  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:29:15 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						184eaae260 
					 
					
						
						
							
							Update the messages issued when a stage is completed.  
						
						... 
						
						
						
						We provide an automatic message on completion, which is easy to override.
Simply call setMessage() AFTER calling setStageComplete().
git-svn-id: http://webgoat.googlecode.com/svn/trunk@180  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:29:07 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ab0423cb78 
					 
					
						
						
							
							Update the stage descriptions and instructions  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@179  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:28:24 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad7f4aec68 
					 
					
						
						
							
							Re-add Aspect credits for various lessons  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@178  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-18 13:28:02 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5f5e2e829a 
					 
					
						
						
							
							The return type fix got lost.  
						
						... 
						
						
						
						I don't know how to get back to the point in the SVN history
to fix this so that the build will actually work. I guess
I'd better just apply it here.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@177  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 13:40:01 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						47a7619652 
					 
					
						
						
							
							Fixes: Make sure procedures are created in the right scope/user  
						
						... 
						
						
						
						Also, create the EMPLOYEE table first, since Oracle checks for it
git-svn-id: http://webgoat.googlecode.com/svn/trunk@176  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:56:41 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						afb5b9e740 
					 
					
						
						
							
							SQLPLUS does not process CREATE PROCEDURE lines without a trailing /  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@175  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:56:33 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7bb2c087a0 
					 
					
						
						
							
							Add lesson plans for the DB labs  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@174  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:56:26 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d1fe861a75 
					 
					
						
						
							
							Add a DB Cross Site Scripting lesson  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@173  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:56:13 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						73035769aa 
					 
					
						
						
							
							Add stored procedures for the DB Cross Stie Scripting Lesson  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@172  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:55:32 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bc2faede19 
					 
					
						
						
							
							Add a new DBSQLInjection lesson  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@171  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:55:23 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						17fe003f2f 
					 
					
						
						
							
							Add stored procedures for the SQL Injection lesson  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@170  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:54:33 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1bcb2f6539 
					 
					
						
						
							
							Add an SQL file to set up the Oracle DB and WebGoat user  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@169  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:54:23 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4665256674 
					 
					
						
						
							
							Construct a message automatically when we complete a stage  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@168  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:54:15 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						26ed31df68 
					 
					
						
						
							
							Only show the stage controls if the lesson is not complete  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@167  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:53:59 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d889f6e535 
					 
					
						
						
							
							Reset to the first stage when restarting the lesson  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@166  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:53:51 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7dee412ee1 
					 
					
						
						
							
							Fix WebServices lessons to maintain a reference to WebgoatContext  
						
						... 
						
						
						
						Since the webservices lessons are also created automatically by
Axis, which obviously does not have a reference to WebgoatContext,
and wouldn't call setWebgoatContext even if it did, we need to ensure
that each lesson created can still get to WebgoatContext.
Do this by maintaining a static reference to WebgoatContext that
all instances of the class can use.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@165  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:53:36 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						76f654e820 
					 
					
						
						
							
							Make sure that the underlying GoatHillsFinancial lesson remains hidden  
						
						... 
						
						
						
						Naturally, we want derived classes to be visible automatically
git-svn-id: http://webgoat.googlecode.com/svn/trunk@164  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:53:18 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc8914f4e1 
					 
					
						
						
							
							Allow for simple restarting of a lesson.  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@163  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:53:00 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f9a5a3700b 
					 
					
						
						
							
							Minor cleanups to address warnings  
						
						... 
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@162  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2007-07-11 12:52:44 +00:00