Page History

According to the Java Language Specification \[[JLS 2005|AA. Bibliography#JLS 05]\], sectionSection 8.4.8.3, "Requirements in Overriding and Hiding" 

The access modifier of an overriding or hiding method must provide at least as much access as the overridden or hidden method, or a compile-time error occurs.

...

Override methods only when necessary. Declare methods and fields final whenever possible to avoid malicious subclassing. When methods and fields cannot be declared as final, refrain from increasing the accessibility of overridden methods (c.f. . (See guideline SEC01-J. Minimize the accessibility of classes and their members.).

class BadScope {
  protected final void doLogic() { // declare as final 
    System.out.println("Super invoked");
    // Do sensitive operations
  }
}

...

Subclassing allows weakening of access restrictions, which may can compromise the security of a Java application.

...

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

MITRE CWE: CWE-487 "Reliance on Package-level Scope"

SCG 2007]] Guideline 1-1 Limit the accessibility of classes, interfaces, methods, and fields

Bibliography

\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 8.4.8.3, Requirements in Overriding and Hiding|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.4.8.3]
[\[[SCG 2007|AA. Bibliography#SCG 07]\]] Guideline 1-1 Limit the accessibility of classes, interfaces, methods, and fields
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 487|http://cwe.mitre.org/data/definitions/487.html] "Reliance on Package-level Scope"

...

SCP00-J. Use as minimal scope as possible for all variables      05. Scope (SCP)      SCP02-J. Do not reuse names