Although creating a file is usually accomplished with a single method call, this single action raises multiple security-related questions. What should be done if the file cannot be created? What should be done if the file already exists? What should be the file's initial attributes, such as permissions? Java provides several generations of file handling facilities. The original input/output facilities, which included basic file handling, are in the package java.io. More comprehensive facilities were included in JDK 1.4 with the New I/O package java.nio (see New I/O APIs [Oracle 2010b]). Still more comprehensive facilities were included in JDK 1.7 with the New I/O 2 package java.nio.file. Both packages introduced a number of methods to support finer-grained control of over file creation.
The rule FIO01-J. Create files with appropriate access permissions addresses the issue of how to specify the permissions of a newly created file.
...