Chapter 16. Platform Security (SEC)

Rules

Risk Assessment Summary

SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary

The java.security.AccessController class is part of Java’s security mechanism; it is responsible for enforcing the applicable security policy. This class’s static doPrivileged() method executes a code block with a relaxed security policy. The doPrivileged() method stops permissions from being checked further down the call chain. Consequently, any method that invokes doPrivileged() must assume ...
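The leak this rule's title describes, next to a contained form, as an added example that is not code from the book. The class name, method names and temporary file are hypothetical, and the file contents are constructed sample data.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;

// AccessController is deprecated for removal since Java 17 but is still present.
@SuppressWarnings("removal")
public class PrivilegedLeakDemo {
    // Hypothetical sensitive file; main() fills it with constructed sample data.
    private static Path secretFile;

    // Leaky: the result of the privileged block (an open stream on the
    // sensitive file) is handed to any caller, trusted or not.
    public static InputStream openSecretLeaky() throws IOException {
        return openSecret();
    }

    // Contained: the stream never leaves this class; callers get only a boolean.
    public static boolean userExists(String name) throws IOException {
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(openSecret(), StandardCharsets.UTF_8))) {
            return r.lines().anyMatch(line -> line.startsWith(name + ":"));
        }
    }

    // Private helper: the only place this class asserts its own permissions.
    private static InputStream openSecret() throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<InputStream>) () -> Files.newInputStream(secretFile));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // only checked exceptions are wrapped
        }
    }

    public static void main(String[] args) throws IOException {
        secretFile = Files.createTempFile("secret", ".txt");
        Files.write(secretFile, "alice:constructed-hash\n".getBytes(StandardCharsets.UTF_8));
        try (InputStream in = openSecretLeaky()) {
            System.out.println("leaky caller sees: "
                + new String(in.readAllBytes(), StandardCharsets.UTF_8).trim());
        }
        System.out.println("contained caller sees: " + userExists("alice"));
        Files.delete(secretFile);
    }
}
```

The leaky caller receives the full record, while the contained caller learns only whether the name is present.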

Get The CERT® Oracle® Secure Coding Standard for Java™ now with the O’Reilly learning platform.
