...
Wiki Markup |
---|
[API 2006] Method doPrivileged(), http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction) |
[Gong 2003] Sections 6.4, "AccessController", and 9.5, "Privileged Code" |
[Jovanovic 2006] "Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities" |
...