Rule 7: Do Not Depend on Package Scope
Ensure your Java code is secure
by Adam Kolawa, Ph.D., Gina Assaf, and Roberto Scaramuzzi
Posted April 21, 2004
Editor's Note: Java Pro Online presents a weekly rule for ensuring the security of Java systems. Here's Rule 7 for beginning your strategy for ensuring your Java applications are secure. See the entire index of Java code security rules here.
This rule prohibits classes with public or package-private (neither public nor private) access. An attacker can simply add another class to your package and then access package-private fields that were supposed to be hidden.
To correct violations of this rule, modify code so that it does not rely on package-level access. Give your classes, methods, and fields the most restricted access possible. If this restricted access is not an option, you might want to use package sealing, which can prevent users from adding classes to a package that is in a sealed JAR file. (See Resources for a discussion of package sealing.)
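The following added example (not code from the original article) shows a class that relies on package scope beside a restricted version, with a reflection check that lists package-private members and reports whether the package is sealed. The package name `com.example.bank` and all class names are hypothetical, and it assumes Java 9 or later.

```java
package com.example.bank; // added example; package and class names are hypothetical
import java.lang.reflect.Member;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class PackageScopeAudit {
    // Before: no modifier, so any class declaring package com.example.bank can read and write these.
    static class LooseAccount {
        long balanceCents;
        String ownerId;
    }

    // After: state is private and final; only a read accessor is exposed.
    static final class StrictAccount {
        private final long balanceCents;
        public StrictAccount(long balanceCents) { this.balanceCents = balanceCents; }
        public long balanceCents() { return balanceCents; }
    }

    // Names of declared fields, constructors and methods with package-private access.
    static List<String> packagePrivateMembers(Class<?> type) {
        List<Member> members = new ArrayList<>();
        members.addAll(Arrays.asList(type.getDeclaredFields()));
        members.addAll(Arrays.asList(type.getDeclaredConstructors()));
        members.addAll(Arrays.asList(type.getDeclaredMethods()));
        List<String> found = new ArrayList<>();
        for (Member m : members) {
            int mod = m.getModifiers();
            boolean explicit = Modifier.isPublic(mod) || Modifier.isProtected(mod) || Modifier.isPrivate(mod);
            if (!explicit && !m.isSynthetic()) found.add(m.getName());
        }
        return found;
    }

    // True only when the class was loaded from a JAR whose manifest seals the package:
    //   Name: com/example/bank/
    //   Sealed: true
    static boolean packageIsSealed(Class<?> type) {
        Package p = type.getPackage();
        return p != null && p.isSealed();
    }

    public static void main(String[] args) {
        for (Class<?> c : List.of(LooseAccount.class, StrictAccount.class))
            System.out.println(c.getSimpleName() + " package-private members: " + packagePrivateMembers(c));
        System.out.println("package sealed: " + packageIsSealed(PackageScopeAudit.class));
    }
}
```

Run from a plain class directory, the sealing check reports false. It reports true only when the classes are loaded from a JAR whose manifest carries the entries shown in the comment.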
Rule sources:
"Statically Scanning Java Code: Finding Security Vulnerabilities," John Viega, Gary McGraw, Tom Mutdosch, and Edward W. Felten, IEEE Software (September/October 2000)
"Twelve Rules for Developing More Secure Java Code," Gary McGraw and Edward Felten, JavaWorld (December 1998)
About the Authors
Adam Kolawa, Ph.D., is the chairman and CEO of Parasoft. He is a writer and speaker on industry issues and in 2001 was awarded the Los Angeles Ernst & Young Entrepreneur of the Year Award in the software category. Gina Assaf has been developing, designing, testing, and implementing applications in Java for over six years, and has researched and developed coding standards for Parasoft, many of which provide security for Java applications. Roberto Scaramuzzi, Ph.D., is a Java and Perl Developer for Parasoft in San Diego, California. Born in Italy, he later moved to the United States to obtain his doctorate in Mathematics from Yale University. Contact the authors at .