...
| Code Block | ||
|---|---|---|
| ||
class Password {
private static void changePassword() {
// Use own privilege to open the sensitive password file
final String password_file = "password";
final FileInputStream f[] = {null};
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
f[0] = openPasswordFile(password_file); // call the privileged method here
}catch(FileNotFoundException cnf) {
System.err.println("Error: Operation could not be performed");
}
return null;
}
});
//Perform other operations such as password verification
}
private static FileInputStream openPasswordFile(String password_file) throws FileNotFoundException {
FileInputStream f = new FileInputStream("c:\\" + password_file);
// Perform read/write operations on password file
return f;
}
}
|
Compliant Solution
The previous compliant solution prints a general error instead of revealing sensitive information (See EXC01-J. Do not allow exceptions to transmit sensitive information) and as a result, swallows all exceptions. Sometimes no sensitive information can be revealed by any of the possible exceptions. In such cases, an equivalent mechanism that allows exceptions to be wrapped can be used. This allows the caller to obtain better diagnostic information. For example, if an applet doesn't have access to read system files that contain fonts, it can accomplish the task from a privileged block without revealing any sensitive information. In fact, by not swallowing exceptions, the client can deduce the symptoms of a read failure quite easily.
...