Chapter 16. Platform Security (SEC)
Rules
Risk Assessment Summary
SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
The java.security.AccessController class is part of Java’s security mechanism; it is responsible for enforcing the applicable security policy. This class’s static doPrivileged() method executes a code block with a relaxed security policy. The doPrivileged() method stops permissions from being checked further down the call chain. Consequently, any method that invokes doPrivileged() must assume ...
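The following sketch is an added example, not code from the book: it contrasts a privileged block that hands a sensitive resource back across the trust boundary with one that keeps the resource inside the block. The class name PasswordStore, the file name password.txt, and both method names are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class PasswordStore {
    // Hypothetical file holding the secret bytes; callers are assumed to
    // lack the FilePermission needed to read it themselves.
    private static final String PASSWORD_FILE = "password.txt";

    // Leaks: the privileged block opens the file and returns the open stream,
    // so an unprivileged caller can read a file it could not have opened.
    public static FileInputStream openPasswordFile() throws FileNotFoundException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<FileInputStream>)
                    () -> new FileInputStream(PASSWORD_FILE));
        } catch (PrivilegedActionException e) {
            throw (FileNotFoundException) e.getException();
        }
    }

    // Contained: the stream is opened, used, and closed inside the privileged
    // block; the caller learns only whether the candidate matched.
    public static boolean checkPassword(String candidate) throws IOException {
        final byte[] supplied = candidate.getBytes(StandardCharsets.UTF_8);
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Boolean>) () -> {
                    try (FileInputStream in = new FileInputStream(PASSWORD_FILE)) {
                        byte[] stored = in.readAllBytes();
                        // Constant-time comparison of the stored and supplied bytes.
                        return MessageDigest.isEqual(stored, supplied);
                    }
                });
        } catch (PrivilegedActionException e) {
            // The action's only checked exception is IOException.
            throw (IOException) e.getException();
        }
    }
}
```

The lambda casts are needed because doPrivileged() is overloaded for PrivilegedAction and PrivilegedExceptionAction. On Java 17 and later the code compiles with deprecation warnings, since AccessController is deprecated for removal.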