...
It is also required to declare SensitiveClass final to avoid malicious subclassing. This stops an artful attacker from subclassing the sensitive class and creating several copies of the subclass, with the intention of introducing thread-safety issues.
| Code Block | ||
|---|---|---|
| ||
final SensitiveClass {
// ...
public SensitiveClass Clone() throws CloneNotSupportedException {
throw new CloneNotSupportedException();
}
}
|
...