...
A malicious client using the instantiated thread-safe object can mount a denial-of-service attack simply by holding the lock on the object:. Notice that this also conflict with CON07-J. Do not defer a thread that is holding a lock.
| Code Block | ||
|---|---|---|
| ||
public class importantObj {
public synchronized void changeValue() { // lock on this
...
}
...
}
// Denial-of-service attack from caller
synchronized (importantObject) {
Thread.sleep(Integer.MAX_VALUE); // Disable importantObject
}
|
...