Learn to enhance Java security by minimizing accessibility risks in classes and interfaces. Explore key techniques like information hiding, access control mechanisms, and using private data members with accessor methods. Ensure robustness and flexibility in your design.
Classes & Interfaces Minimizing Accessibility and Security Holes
Introduction • Classes and Interfaces are the backbone of Java • Good design = usable, robust, and flexible • 1. Minimize accessibility • 2. Use private data members w/ accessors
Minimize Accessibility of Classes and Members • Information hiding – degree to which the module hides internal data • Use multiple modules and keep them hidden!
Advantages of multi-hidden modules • Allows modules to be developed, tested, optimized, and modified individually -> SPEED. • Eases maintenance -> will not harm other modules.
Access Control Mechanisms • Private • Protected • Public
Rules of Accessibility • Make each class or member as inaccessible as possible. • Top-level classes and interfaces are either package-private or public. • If a method overrides a superclass method, it cannot have a lower access level than the method it overrides (the compiler will catch this). • Public classes should rarely have public fields, except for public static final fields.
Example • It is nearly always wrong to have a public static final array field.
    // potential security hole
    public static final Type[] VALUES = {…};
Better version:
    // needs java.util.Arrays, java.util.Collections and java.util.List
    // the array stays private; callers see only a read-only view
    private static final Type[] PRIVATE_VALUES = {…};
    public static final List<Type> VALUES =
        Collections.unmodifiableList(Arrays.asList(PRIVATE_VALUES));
Use Private Data with Accessor Methods • Use synchronized methods to protect data from corruption. • Multiple threads may alter members concurrently.
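Example
    class Test implements Runnable {   // Runnable so it can be passed to Thread
        public int[] intArray = new int[10];
        . . .
    }
    . . .
    Test tst = new Test();
    Thread t = new Thread(tst);
    t.start();
    tst.intArray = null;   // the public field can be replaced while the thread runs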
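JUST ADD PRIVATE!
    class Test implements Runnable {   // Runnable so it can be passed to Thread
        private int[] intArray = new int[10];
        . . .
    }
    . . .
    Test tst = new Test();
    Thread t = new Thread(tst);
    t.start();
    int[] temp = tst.integerArray();   // callers reach the array only through the accessor
    temp[5] = 1;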
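An added example, not part of the original slides, that runs the two cases above side by side: the public static final array against the unmodifiable list view, and a private array behind a synchronized accessor. The class name AccessibilityDemo, the String sample values, the get helper, and the choice to have integerArray() return a copy are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class AccessibilityDemo {
    // Constructed sample data; the role names are assumptions.

    // Weak: 'final' fixes the reference only, so any caller can overwrite elements.
    public static final String[] VALUES = {"admin", "auditor"};

    // Hardened: the array stays private and callers get a read-only view.
    private static final String[] PRIVATE_VALUES = {"admin", "auditor"};
    public static final List<String> SAFE_VALUES =
            Collections.unmodifiableList(Arrays.asList(PRIVATE_VALUES));

    private final int[] intArray = new int[10];

    // Assumption: the accessor hands out a copy, so callers never hold
    // a reference to the internal array.
    public synchronized int[] integerArray() {
        return intArray.clone();
    }

    // Hypothetical helper used to inspect the internal state.
    public synchronized int get(int index) {
        return intArray[index];
    }

    public static void main(String[] args) {
        VALUES[0] = "guest";   // compiles and runs: the array contents are mutable
        System.out.println("public array now: " + Arrays.toString(VALUES));

        try {
            SAFE_VALUES.set(0, "guest");   // the unmodifiable view rejects writes
        } catch (UnsupportedOperationException e) {
            System.out.println("list view rejected the write");
        }
        System.out.println("list view still: " + SAFE_VALUES);

        AccessibilityDemo demo = new AccessibilityDemo();
        int[] temp = demo.integerArray();
        temp[5] = 1;   // modifies the caller's copy, not the private array
        System.out.println("internal element 5: " + demo.get(5));
    }
}
```

If the accessor returned intArray itself instead of a copy, the write to temp[5] would reach the private array, so making the field private only helps when the accessor does not leak the reference.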