Difference between revisions of "Overflow of static internal buffer"
Revision as of 16:22, 4 August 2006
A non-final static field can be viewed and edited in dangerous ways.
- Integrity: The object could potentially be tampered with.
- Confidentiality: The object's contents could potentially be read.
- Design through Implementation: This is a simple logic issue that is easily remedied with basic protections.
- Languages: Java, C++
- Operating platforms: Any
Likelihood of exploit
Avoidance and mitigation
- Design through Implementation: Make any static fields private and final.
Non-final static fields that are not private can be read and written to by arbitrary Java code.
public static int password = 45;
static public String r;
The second field is an uninitialized public static field which can be read without a get-accessor and changed without a set-accessor.
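Added example, not from the original page: a public, non-final static field beside the mitigated private, final form with a read-only accessor. Class and field names (StaticFieldExample, WeakConfig, SafeConfig, maxLoginAttempts, adminUsers) are illustrative assumptions; it also shows that final protects the reference only, so a static final collection must itself be immutable.

```java
import java.util.ArrayList;
import java.util.List;

public final class StaticFieldExample {

    // Weak: public and non-final, so any class loaded in the same JVM can
    // read these values and overwrite them (no accessor needed).
    static class WeakConfig {
        public static int maxLoginAttempts = 3;
        public static List<String> adminUsers = new ArrayList<>(List.of("root"));
    }

    // Mitigated: private and final, exposed only through read-only accessors.
    // final fixes the reference, not the object behind it, so the list is
    // created immutable (List.of) rather than as a mutable ArrayList.
    static final class SafeConfig {
        private static final int MAX_LOGIN_ATTEMPTS = 3;
        private static final List<String> ADMIN_USERS = List.of("root");
        private SafeConfig() {}
        public static int maxLoginAttempts() { return MAX_LOGIN_ATTEMPTS; }
        public static List<String> adminUsers() { return ADMIN_USERS; }
    }

    public static void main(String[] args) {
        // Unrelated code can silently change the weak fields.
        WeakConfig.maxLoginAttempts = Integer.MAX_VALUE;
        WeakConfig.adminUsers.add("guest");
        System.out.println("weak limit: " + WeakConfig.maxLoginAttempts
                + ", weak admins: " + WeakConfig.adminUsers);

        // The same writes are rejected for the mitigated version:
        // SafeConfig.MAX_LOGIN_ATTEMPTS = 0;   // compile error: private and final
        try {
            SafeConfig.adminUsers().add("guest"); // immutable list: throws
        } catch (UnsupportedOperationException e) {
            System.out.println("safe admins are read-only");
        }
        System.out.println("safe limit: " + SafeConfig.maxLoginAttempts()
                + ", safe admins: " + SafeConfig.adminUsers());
    }
}
```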