
Programs must use the javax.net.ssl.SSLSocket class rather than the java.net.Socket class when transferring sensitive data over insecure communication channels. The class SSLSocket provides security protocols such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure that the channel is not vulnerable to eavesdropping and malicious tampering.

The principal protections included in SSLSocket that are not provided by the Socket class are [API 2006]:

  • Integrity Protection: SSL protects against modification of messages by an active wiretapper.
  • Authentication: In most modes, SSL provides peer authentication. Servers are usually authenticated, and clients may be authenticated as requested by servers.
  • Confidentiality (privacy protection): In most modes, SSL encrypts data being sent between client and server. This protects the confidentiality of data so that passive wiretappers cannot observe sensitive data such as financial or personal information.

It is also important to use SSL for secure remote method invocation (RMI) communications because RMI depends on object serialization, and serialized data must be safeguarded in transit. Gong, Ellison, and Dageforde [Gong 2003] describe how to secure RMI communications using SSLSocket.

Note that this rule lacks any assumptions about the integrity of the data being sent down a socket. For information about ensuring data integrity, see rule SER02-J. Sign then seal sensitive objects before sending them outside a trust boundary.
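
The difference between the two classes, shown as an added example that is not part of the original rule text: a client that sends one line of sensitive data first over java.net.Socket and then over SSLSocket. The class name, method names, and the host, port and payload arguments are hypothetical, and Java 11 or later is assumed for TLSv1.3.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SensitiveDataClient {   // hypothetical class, not from the rule

    // Noncompliant: java.net.Socket sends the payload in cleartext, with no
    // confidentiality, integrity protection, or peer authentication.
    static String sendPlain(String host, int port, String secret) throws IOException {
        try (Socket socket = new Socket(host, port)) {
            return exchange(socket, secret);
        }
    }

    // Compliant: SSLSocket from the default factory, which validates the
    // server certificate chain against the JVM trust store.
    static String sendTls(String host, int port, String secret) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            // A raw SSLSocket does not match the certificate to the host name
            // unless an endpoint identification algorithm is set.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); // no SSLv3 or early TLS
            socket.setSSLParameters(params);
            socket.startHandshake(); // fail here, before any data is written
            return exchange(socket, secret);
        }
    }

    // Writes one line to the peer and returns the one-line reply.
    private static String exchange(Socket socket, String line) throws IOException {
        BufferedWriter out = new BufferedWriter(
            new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8));
        BufferedReader in = new BufferedReader(
            new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
        out.write(line + "\n");
        out.flush();
        return in.readLine();
    }

    public static void main(String[] args) throws IOException {
        // Usage: java SensitiveDataClient <host> <port> <payload>
        System.out.println(sendTls(args[0], Integer.parseInt(args[1]), args[2]));
    }
}
```

If the certificate chain is untrusted or the certificate does not match the host name, startHandshake() throws an SSLHandshakeException and the payload is never written.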

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| MSC00-J | medium | likely | high | P6 | L2 |

Automated Detection

The general case of automated detection appears to be infeasible because determining which specific data may be passed through the socket is not statically computable. An approach that introduces a custom API for passing sensitive data via secure sockets may be feasible. User tagging of sensitive data is a necessary requirement for such an approach.

...

MITRE CWE

CWE-311. Failure to encrypt sensitive data

Bibliography

[API 2006]

[Gong 2003] 11.3.3, Securing RMI Communications

[Ware 2008]

...
