SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 80

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 81

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

MITRE CWE

CWE-266. Incorrect privilege assignment

 

CWE-272. Least privilege violation

 

CWE-732. Incorrect permission assignment for critical resource

Secure Coding Guidelines for the Java Programming Language, Version 3.0

Guideline 6-2. Safely invoke java.security.AccessController.doPrivileged

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c2cce278-3238-4978-b5a2-229b65e360b1"><ac:plain-text-body><![CDATA [ [[API 2006AA. References#API 06] ]

[Method doPrivileged()http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ab2d449a-e05b-47e8-8126-580476805928"><ac:plain-text-body><![CDATA[

[ [Gong 2003AA. References#Gong 03] ]

Sections 6.4, AccessController, and 9.5, Privileged Code

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="180df784-9d34-4da4-af20-39f4f19e4ab4"><ac:plain-text-body><![CDATA[

[[Jovanovic 2006AA. References#Jovanovic 06]]

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities ]]></ac:plain-text-body></ac:structured-macro>

...

      14. Platform Security (SEC)