...
[Bloch 2005] Puzzle 83: Dyslexic Monotheism
[Bloch 2001] Item 1: Enforce the singleton property with a private constructor
[Greanier 2000] Discover the secrets of the Java Serialization API, http://java.sun.com/developer/technicalArticles/Programming/serialization/
[Harold 1999]
[JLS 2005] Transient modifier, http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020
[Long 2005] Section 2.4, Serialization
[MITRE 2009] CWE ID 502, "Deserialization of Untrusted Data", http://cwe.mitre.org/data/definitions/502.html; CWE ID 499, "Serializable Class Containing Sensitive Data", http://cwe.mitre.org/data/definitions/499.html
[SCG 2007] Guideline 5-1, Guard sensitive data during serialization
[Sun 2006] Serialization specification: A.4, Preventing Serialization of Sensitive Data
...
Previous rule: SER02-J. Extendable classes should not declare readResolve() and writeReplace() private or static
This rule: Sign and seal sensitive objects before transit
Section: 16. Serialization (SER)
Next rule: SER04-J. Use SSLSockets rather than Sockets for secure data exchange