Page History

...

• All file separators must be replaced by platform independent File.separator

• Wiki MarkupPossibly use the memento design pattern with deserialization. An inner class performs input validation using 'safe' objects, for example, {{long}} to store {{int}} vals and then updates the state of the actual outer class and so on..., Item 50 \ [Daconta 03\]

• readResolve() for deserialization (singletons). Do not serialize sensitive external mutable variables (best to declare them transient)

• Calling clone.super() is necessary.

...

Possible Recommendations

• Wiki Markup-Do not serialize keys, certificates or the classes that contain their instances, as deserialization may fail if the same security provider is not present at the remote end. Instead, override the readObject, writeObject methods and encode the data. \ [P 202 Oaks 01\] *(unsure if this can be classified as a security error)*- (done)

• Careful while using environment variables - investigate usual conditions (done)

• Wiki MarkupUse HttpSession carefully, Item 25 \ [Daconta 03\]unmigrated-wiki-markup

• For good portability, do not make the assumption - all DBMSs can tolerate several open ResultSet Objects at a time, Item 41 \ [Daconta 03\]

• Thread.interrupted issues

...

• Avoid using Reflection to instantiate inner classesunmigrated-wiki-markup

• Use a typesafe enum pattern \ [Bloch, Item 20\]- (_enum type_ provided, jdk 1.5 onwards, [Docs|http://java.sun.com/j2se/1.5.0/docs/guide/language/enums.html])

• Some of the anti-patterns described in EXC00-J. Do not suppress or ignore checked exceptions (done)

...

• Don't catch Throwable without checking for ThreadDeath. (will not do)

• Wiki MarkupUsage of {{GetResource}} may be unsafe if class is extended \ [Findbugs\]

• Do not serialize/deserialize resource handles (done)

...