Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Classes that have security checks in their constructors must beware of finalization attacks, as explained in rule "OBJ05OBJ11-J. Do not allow access to partially initialized objectsBe wary of letting constructors throw exceptions."

Classes that are not sensitive but maintain other invariants must be sensitive to the possibility of malicious subclasses accessing or manipulating their data and possibly invalidating their invariants. See rule "OBJ08-J. Provide mutable classes with copy functionality to allow passing instances to untrusted code safely" for more information.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00d63ea8d9634729-dce6fa52-44be47ff-b9c8b15b-aeeac64fd4060d69230478e6"><ac:plain-text-body><![CDATA[

[[McGraw 1998

AA. Bibliography#Mcgraw 98]]

Twelve rules for developing more secure Java code

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bbb01bf4f1a858bd-c8e0fc20-4e9b4f56-8f4e9bbf-70a7367c239429a16d74fdc0"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE-498

http://cwe.mitre.org/data/definitions/498.html] "Cloneable Class Containing Sensitive Information", [CWE-491

http://cwe.mitre.org/data/definitions/491.html] "Public cloneable() Method Without Final (aka 'Object Hijack')"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00c826ca1c14cce4-1e11cb5e-4ea04954-8a5da227-6596ed60d50e3c43cf4895c6"><ac:plain-text-body><![CDATA[

[[Wheeler 2003

AA. Bibliography#Wheeler 03]]

10.6. Java

]]></ac:plain-text-body></ac:structured-macro>

...