aspose file tools*
The moose likes Beginning Java and the fly likes is there a ny security issue when returning the NEW Object  Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Beginning Java
Bookmark "is there a ny security issue when returning the NEW Object  " Watch "is there a ny security issue when returning the NEW Object  " New topic
Author

is there a ny security issue when returning the NEW Object

Karthikeyan Sakthivel
Greenhorn

Joined: Jun 30, 2004
Posts: 3
I wish to know whether there is any security issue when returning a New Object from a Method.

EXAMPLE
*******
public class MEReturnParameter {
public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));
}
}

Whether the following line is a problem or Not

return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));


K.S.KARTHIKEYAN
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14107
    
  16

No, there is no security issue.

Why are you asking the question - do you have some potential security issue in mind? If so, can you please tell us what potential issue you are thinking about?


Java Beginners FAQ - JavaRanch SCJP FAQ - The Java Tutorial - Java SE 7 API documentation
Scala Notes - My blog about Scala
Karthikeyan Sakthivel
Greenhorn

Joined: Jun 30, 2004
Posts: 3
Actually I was asked to pass the parameter instead of creating an new objects inside the method.

Original Example
public class ReturnParameter {
public static Dimension getRectangleSzie(int x1, int y1, int x2, int y2) {
return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2)); //VIOLATION
}
}

I was asked to write the code as follows.

public class ReturnParameter {
public static Dimension getRectangleSize(int x1, int y1, int x2, int y2, Dimension returnValue) {
returnValue.width = Math.abs(x1-x2);
returnValue.height = Math.abs(y1-y2);
return returnValue; // FIXED
}
}

Trying to understand why the above Original Example is not allowed
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
No, I don't see the point of that change. There is some potential if you keep a reference to the object you create and return or if you just return a member variable ...

because now somebody else has access to something I consider private. They can change it without my knowing. I think FindBugz flags this as a warning.


A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: is there a ny security issue when returning the NEW Object