...
```java
final class SensitiveClass {
  // ...

  // Refuse all cloning requests so that no copy can be made without a constructor call.
  public SensitiveClass clone() throws CloneNotSupportedException {
    throw new CloneNotSupportedException();
  }
}
```
An alternative is to declare the `clone()` method `final` so that it cannot be overridden.
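The following added example (not part of the original page) contrasts a non-final class that inherits `Object.clone()` with one that declares a `final` throwing `clone()`. All class names, the `constructorCalls` counter and the `sharesKeyWith` helper are hypothetical and exist only for this illustration.

```java
// Added example; all class names are hypothetical.
public class NonCloneableDemo {
    // Non-final class that inherits Object.clone() unchanged.
    static class UnprotectedSecret {
        static int constructorCalls = 0;
        private final char[] key;
        UnprotectedSecret(char[] key) {
            constructorCalls++;          // stands in for a constructor-time check
            this.key = key.clone();
        }
        boolean sharesKeyWith(UnprotectedSecret other) { return key == other.key; }
    }

    // A subclass can opt in to cloning on the parent's behalf.
    static class CopyingSubclass extends UnprotectedSecret implements Cloneable {
        CopyingSubclass(char[] key) { super(key); }
        @Override public CopyingSubclass clone() throws CloneNotSupportedException {
            return (CopyingSubclass) super.clone();   // shallow copy, no constructor runs
        }
    }

    // Hardened: clone() is final and always throws.
    static class ProtectedSecret {
        private final char[] key;
        ProtectedSecret(char[] key) { this.key = key.clone(); }
        @Override public final ProtectedSecret clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException();
        }
    }

    // Implementing Cloneable no longer helps; overriding clone() here would not compile.
    static class BlockedSubclass extends ProtectedSecret implements Cloneable {
        BlockedSubclass(char[] key) { super(key); }
    }

    public static void main(String[] args) throws Exception {
        // Sample key material below is constructed for the demonstration.
        CopyingSubclass original = new CopyingSubclass("constructed-key".toCharArray());
        CopyingSubclass copy = original.clone();
        System.out.println("constructor calls: " + UnprotectedSecret.constructorCalls);
        System.out.println("copy aliases key array: " + copy.sharesKeyWith(original));
        try {
            new BlockedSubclass("constructed-key".toCharArray()).clone();
            System.out.println("hardened class was cloned");
        } catch (CloneNotSupportedException e) {
            System.out.println("hardened class refused to clone");
        }
    }
}
```

The unprotected class ends up with two live instances after a single constructor call, and both share the same internal key array, which is the invariant violation the risk assessment refers to.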
Risk Assessment
Failure to make sensitive classes noncloneable can severely violate the class invariants and give malicious subclasses the opportunity to create new instances of objects without security manager checks (by default).
...