Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This compliant solution mitigates the vulnerability by declaring openPasswordFile() to be private. Consequently, an untrusted caller can call changePassword() but cannot directly invoke the openPasswordFile() method.

...

This compliant solution suppresses the exception, using a null return value to indicate that the file does not exist. It uses the simpler PrivilegedAction class rather than PrivilegedExceptionAction, to prevent exceptions from propagating out of the doPrivileged() block.

...

Identifying sensitive information requires assistance from the programmer; fully - automated identification of sensitive information is beyond the current state of the art.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d4a3cb2e12b5a6f4-d6efd422-440a42ca-8cc3b790-246f99a21878a9d51a2abc6e"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[method doPrivileged()

http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dcfbf5b279ec1c6c-a1272df2-487f4128-b81ab1c6-3ae72f7b1d64e43e665ddb2c"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

Sections 6.4, AccessController and 9.5 Privileged Code

]]></ac:plain-text-body></ac:structured-macro>

...