Difference between revisions of "Failure to protect stored data from modification"

Jump to: navigation, search
(Related Vulnerabilities)
Line 103: Line 103:
* [[Vulnerability 1]]
* [[Vulnerability 1]]
* [[Vulnerabiltiy 2]]
* [[Vulnerabiltiy 2]]
Note: the contents of "Related Problems" sections should be placed here
==Related [[Controls]]==
==Related [[Controls]]==

Revision as of 17:26, 24 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/24/2008

Vulnerabilities Table of Contents

ASDR Table of Contents


Data should be protected from direct modification.


  • Integrity: The object could be tampered with.

Exposure period

  • Design through Implementation: At design time it is important to reduce the total amount of accessible data.
  • Implementation: Most implementation level issues come from a lack of understanding of the language modifiers.


  • Languages: Java, C++
  • Operating platforms: Any

Required resources




Likelihood of exploit


One of the main advantages of object-oriented code is the ability to limit access to fields and other resources by way of accessor functions. Utilize accessor functions to make sure your objects are well-formed.

Final provides security by only allowing non-mutable objects to be changed after being set. However, only objects which are not extended can be made final.

Risk Factors



In C++:

  int someNumberPeopleShouldntMessWith;

In Java:

private class parserProg {
    public stringField;

Another set of Examples are:

In C/C++:

  int someNumber;

  void writeNum(int newNum) {
    someNumber = newNum;

In Java:

public class eggCorns {
   private String acorns;
   public void misHear(String name){

Related Attacks

Related Vulnerabilities

Related Controls

  • Design through Implementation: Use private members, and class accessor methods to their full benefit. This is the recommended mitigation. Make all public members private, and - if external access is necessary - use accessor functions to do input validation on all values.
  • Implementation: Data should be private, static, and final whenever possible This will assure that your code is protected by instantiating early, preventing access and preventing tampering.
  • Implementation: Use sealed classes. Using sealed classes protects object-oriented encapsulation paradigms and therefore protects code from being extended in unforeseen ways.
  • Implementation: Use class accessor methods to their full benefit. Use the accessor functions to do input validation on all values intended for private values.

Related Technical Impacts


Note: A reference to related CWE or CAPEC article should be added when exists. Eg: