Why are public static final array a security hole?
Effective java says:
// Potential security hole!
static public final Thing[] VALUES = { ... };
Can somebody tell me what is t
-
To understand why this is a potential security hole and not just poor encapsulation, consider the following example:
public class SafeSites { // a trusted class with permission to create network connections public static final String[] ALLOWED_URLS = new String[] { "http://amazon.com", "http://cnn.com"}; // this method allows untrusted code to connect to allowed sites (only) public static void doRequest(String url) { for (String allowed : ALLOWED_URLS) { if (url.equals(allowed)) { // send a request ... } } } } public class Untrusted { // An untrusted class that is executed in a security sandbox. public void naughtyBoy() { SafeSites.ALLOWED_URLS[0] = "http://myporn.com"; SafeSites.doRequest("http://myporn.com"); } }As you can see, the mistaken use of a final array means that untrusted code can subvert the restriction that the trusted code / sandbox is trying to impose. In this case, this is clearly a security issue.
If your code is not part of a security critical application, then you could ignore this issue. But IMO this is a bad idea. At some point in the future you (or someone else) might reuse your code in a context where security is a concern. At any rate, this is why the author calls public final arrays a security issue.
Amber said this in a comment:
No more a security hole than private would be, if you can read the source code and/or bytecode either way...
This is not true.
The fact that a "bad guy" can use source code / bytecodes to determine that a
privateexists and refers to an array is not sufficient to break security. The bad guy also has to inject code into a JVM that has the required permissions to use reflection. This permission is not available to untrusted code running in a (properly implemented) security sandbox.
加载中...
- 热议问题