...

This rule involves the intentional serialization of sensitive information. See "SER03-J. Do not serialize unencrypted, sensitive data" for information about preventing the unintentional serialization of sensitive information.

...

If the data in the map is considered sensitive, this example will also violate "SER03-J. Do not serialize unencrypted, sensitive data".

...

[API 2006]

[Gong 2003] 9.10 Sealing Objects

[Harold 1999] Chapter 11: Object Serialization, Sealed Objects

[Neward 2004] Item 64: Use SignedObject to provide integrity of Serialized objects
              Item 65: Use SealedObject to provide confidentiality of Serializable objects

[Steel 2005] Chapter 10: Securing the Business Tier, Obfuscated Transfer Object

...
