Return to site

JAVA SECURE CODING: MUTABILITY

· java

JAVA SECURE CODING: Mutability

=>Mutability, whilst appearing innocuous, can cause a surprising variety of security problems.

―Prefer immutability for value types

―Create copies of mutable output values ―Create safe copies of mutable and subclassable input values

―Support copy functionality for a mutable class ―Do not trust identity equality when overridable on input reference objects

―Treat passing input to untrusted object as output

―Treat output from untrusted object as input ―Define wrapper methods around modifiable internal state

―Make public static fields final

―Ensure public static final field values are constants

―Do not expose mutable statics

―Do not expose modifiable collections