Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Array - Security hole

 
Patricia Samuel
Ranch Hand
Posts: 300
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is a frequent source of security holes:
// Potential security hole!
public static final Thing[] VALUES = { ... };

These are the lines that i read in effective Java. Please confirm it is because we have made the reference final not the inside things.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The VALUES field is final, meaning that you can't assign a different array to it like "VALUES = ...", but the individual elements *can* be reassigned like "VALUES[0] = ...".
 
PrasannaKumar Sathiyanantham
Ranch Hand
Posts: 110
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is similar to C Pointers.

The variable will always point to the particular address in memory only. But the value stored in the address can be changed
 
Rob Spoor
Sheriff
Pie
Posts: 20511
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Two workarounds are:

1) make the array private and create a public static accessor method:

2) use a List:
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic