Technical digest: How to write secure Java code

Author:Anonymous    Updated:2008-10-9 18:30:46

Abstract: This article comes from Sun's official site and is a guide to writing secure Java code. Developers may refer to this guide when writing general code.

  • Static fields

  • Reducing scope

  • Public methods and fields

  • Protecting packages

  • The equals method

  • Make objects immutable if possible

  • Do not return references to internal arrays that contain sensitive data

  • Do not directly store arrays supplied by the user

  • Serialization

  • Native methods

  • Clearing sensitive information

  Static fields

  • Avoid non-final public static variables

  Avoid non-final public static variables as far as possible, because there is no way to check whether the code that changes these variables has permission to do so.

  • In general, use mutable static state with care, because it can cause unexpected interactions between subsystems that are supposed to be independent.

  Reducing scope

  As a rule, reduce the scope of methods and fields as far as possible. Check whether members with package access can be made private, whether protected members can be given package access or made private, and so on.

  Public methods/fields

  Avoid public variables; instead, access these variables through accessor methods. This way, centralized security checks can be added if they are needed.

  Any public method that can access or modify sensitive internal state must contain a security check.

  Consider the following code fragment, in which untrusted code can set the value of the TimeZone:

The following is the quoted fragment:
  private static TimeZone defaultZone = null;

  // No permission check: any caller, trusted or not, can replace the zone.
  public static synchronized void setDefault(TimeZone zone)
  {
    defaultZone = zone;
  }
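
  One way to add the security check this section calls for to the setDefault fragment above. This is an added example, not code from the original article or from Sun's guide. The class name ZoneHolder, the choice of PropertyPermission("user.timezone", "write"), the helper mayChangeZone, the defensive clone() calls and the sample permission grants are assumptions made for illustration.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;
import java.util.TimeZone;

// Hypothetical holder class; the name is an assumption for this example.
public final class ZoneHolder {
    // Permission a caller must hold to change the zone (assumed choice).
    private static final Permission SET_ZONE =
            new PropertyPermission("user.timezone", "write");

    // Private, non-public static state, reachable only through the accessors.
    private static TimeZone defaultZone = null;

    private ZoneHolder() { }

    public static synchronized void setDefault(TimeZone zone) {
        // SecurityManager is the mechanism of the article's era. It is
        // deprecated for removal since Java 17; with none installed the
        // check is skipped.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(SET_ZONE); // throws SecurityException if denied
        }
        // TimeZone is mutable, so keep a private copy of the caller's object.
        defaultZone = (zone == null) ? null : (TimeZone) zone.clone();
    }

    public static synchronized TimeZone getDefault() {
        return (defaultZone == null) ? null : (TimeZone) defaultZone.clone();
    }

    // The policy decision in isolation: would code holding `granted` pass?
    static boolean mayChangeZone(Permissions granted) {
        return granted.implies(SET_ZONE);
    }

    public static void main(String[] args) {
        Permissions untrusted = new Permissions(); // constructed sample grant
        untrusted.add(new PropertyPermission("user.timezone", "read"));
        Permissions trusted = new Permissions();   // constructed sample grant
        trusted.add(new PropertyPermission("user.*", "read,write"));
        System.out.println("untrusted may set zone: " + mayChangeZone(untrusted));
        System.out.println("trusted may set zone:   " + mayChangeZone(trusted));
        setDefault(TimeZone.getTimeZone("UTC"));
        System.out.println("default zone: " + getDefault().getID());
    }
}
```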
