This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.

I wish to know whether there is any security issue when returning a New Object from a Method.

EXAMPLE ******* public class MEReturnParameter { public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) { return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2)); } }

Whether the following line is a problem or Not

return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));

Why are you asking the question - do you have some potential security issue in mind? If so, can you please tell us what potential issue you are thinking about?

Actually I was asked to pass the parameter instead of creating an new objects inside the method.

Original Example public class ReturnParameter { public static Dimension getRectangleSzie(int x1, int y1, int x2, int y2) { return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2)); //VIOLATION } }

I was asked to write the code as follows.

public class ReturnParameter { public static Dimension getRectangleSize(int x1, int y1, int x2, int y2, Dimension returnValue) { returnValue.width = Math.abs(x1-x2); returnValue.height = Math.abs(y1-y2); return returnValue; // FIXED } }

Trying to understand why the above Original Example is not allowed

No, I don't see the point of that change. There is some potential if you keep a reference to the object you create and return or if you just return a member variable ...

because now somebody else has access to something I consider private. They can change it without my knowing. I think FindBugz flags this as a warning.

A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi