Client code can trivially access public static fields. Neither reads nor writes to such variables are checked by a security manager. Furthermore, new values cannot be validated programmatically before they are stored in these fields.
In the presence of multiple threads, non-final public static fields can be modified in inconsistent ways. (See guideline "TSM01-J. Do not let the (this) reference escape during object construction" for an example.)
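The following added example (not code from the original guideline) contrasts a public static non-final field with a private field behind a validating, atomic setter. The class names, the maxSessions setting and its 1..10000 range are assumptions made for illustration.

```java
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical classes, constructed for illustration only.
public class StaticFieldDemo {

    // Weak: any code that can see this class may read or write the field
    // directly; no validation or access check runs on the assignment.
    static class WeakLimits {
        public static int maxSessions = 100;
    }

    // Hardened: the mutable state is private, and the only write path
    // validates the new value before storing it atomically.
    static final class Limits {
        // A true constant may stay public because it is final and immutable.
        public static final int DEFAULT_MAX_SESSIONS = 100;

        private static final AtomicInteger maxSessions =
                new AtomicInteger(DEFAULT_MAX_SESSIONS);

        private Limits() { }

        public static int getMaxSessions() {
            return maxSessions.get();
        }

        public static void setMaxSessions(int value) {
            // Assumed valid range; an access check could also be placed here.
            if (value < 1 || value > 10_000) {
                throw new IllegalArgumentException("maxSessions out of range: " + value);
            }
            maxSessions.set(value);
        }
    }

    public static void main(String[] args) {
        WeakLimits.maxSessions = -1; // stored without any check
        System.out.println("weak field now holds: " + WeakLimits.maxSessions);

        try {
            Limits.setMaxSessions(-1); // the same value goes through validation
        } catch (IllegalArgumentException e) {
            System.out.println("hardened setter rejected: " + e.getMessage());
        }
        System.out.println("hardened value: " + Limits.getMaxSessions());
    }
}
```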
...
MITRE CWE (http://cwe.mitre.org/):
CWE-582, "Array Declared Public, Final, and Static" (http://cwe.mitre.org/data/definitions/582.html)
CWE-493, "Critical Public Variable Without Final Modifier" (http://cwe.mitre.org/data/definitions/493.html)
CWE-500, "Public Static Field Not Marked Final" (http://cwe.mitre.org/data/definitions/500.html)
[SCG 2007] Guideline 3.1, Treat public static fields as constants
...
[FT 2008] Function Table Class Function Table
[Gong 2003] 9.3 Static Fields
[Nisewanger 2007] Antipattern 5, Misusing Public Static Variables
[Sterbenz 2006] Antipattern 5, Misusing Public Static Variables
...