...
A malicious client using the instantiated thread-safe object can mount a denial-of-service attack simply by holding the lock on the object:
| Code Block | ||
|---|---|---|
| ||
public class importantObj {
public synchronized void changeValue() { // lock on this
...
}
...
}
// Denial-of-service attack from caller
synchronized (importantObject) {
Thread.sleep(Integer.MAX_VALUE); // Disable importantObject
}
|
...