Is there any security issue when returning the NEW Object

Karthikeyan Sakthivel
Greenhorn

Joined: Jun 30, 2004
Posts: 3
I wish to know whether there is any security issue when returning a New Object from a Method.

EXAMPLE
*******
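import java.awt.Dimension;

public class MEReturnParameter {
    // Returns a freshly created Dimension for the rectangle spanned by the two points
    public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
        return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));
    }
}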

Is the following line a problem or not?

return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));


K.S.KARTHIKEYAN
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14194
    

No, there is no security issue.

Why are you asking the question - do you have some potential security issue in mind? If so, can you please tell us what potential issue you are thinking about?


Karthikeyan Sakthivel
Greenhorn

Joined: Jun 30, 2004
Posts: 3
Actually, I was asked to pass the parameter instead of creating a new object inside the method.

Original Example
import java.awt.Dimension;

public class ReturnParameter {
    public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
        return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2)); //VIOLATION
    }
}

I was asked to write the code as follows.

import java.awt.Dimension;

public class ReturnParameter {
    // The caller supplies the Dimension; the method fills it in and returns the same object
    public static Dimension getRectangleSize(int x1, int y1, int x2, int y2, Dimension returnValue) {
        returnValue.width = Math.abs(x1-x2);
        returnValue.height = Math.abs(y1-y2);
        return returnValue; // FIXED
    }
}

Trying to understand why the above Original Example is not allowed.
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
No, I don't see the point of that change. There is some potential if you keep a reference to the object you create and return or if you just return a member variable ...

because now somebody else has access to something I consider private. They can change it without my knowing. I think FindBugs flags this as a warning.


A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
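
The distinction drawn in the last reply, as an added example that is not code from the thread: a getter that returns a private mutable member, the same class with defensive copies, and the thread's original getRectangleSize for comparison. The class names LeakyPanel, SafePanel and ExposedStateDemo and the 640x480 values are made up for the illustration.

```java
import java.awt.Dimension;

public class ExposedStateDemo {

    /** Hands out its private field directly: every caller shares the same mutable object. */
    static final class LeakyPanel {
        private final Dimension size = new Dimension(640, 480); // constructed sample value
        Dimension getSize() { return size; }
    }

    /** Copies on the way in and on the way out, so no outside reference reaches the field. */
    static final class SafePanel {
        private final Dimension size;
        SafePanel(Dimension initial) { this.size = new Dimension(initial); }
        Dimension getSize() { return new Dimension(size); }
    }

    /** The thread's original method: a fresh object that nothing else holds a reference to. */
    static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
        return new Dimension(Math.abs(x1 - x2), Math.abs(y1 - y2));
    }

    public static void main(String[] args) {
        // Leaky getter: the caller writes straight into the panel's private state.
        LeakyPanel leaky = new LeakyPanel();
        leaky.getSize().width = -1;
        System.out.println("leaky: " + leaky.getSize());

        // Defensive copies: neither the constructor argument nor the returned
        // object aliases the private field, so both writes below are absorbed.
        Dimension initial = new Dimension(640, 480);
        SafePanel safe = new SafePanel(initial);
        initial.height = 0;
        safe.getSize().width = -1;
        System.out.println("safe:  " + safe.getSize());

        // Returning "new Dimension(...)": each call yields an independent object,
        // so changing one result cannot affect another or any internal state.
        Dimension a = getRectangleSize(0, 0, 3, 4);
        Dimension b = getRectangleSize(0, 0, 3, 4);
        a.width = 99;
        System.out.println("fresh: " + b);
    }
}
```

FindBugs reports the LeakyPanel pattern as EI_EXPOSE_REP (may expose internal representation by returning a reference to a mutable object).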
 