Chapter 10. Locking (LCK)



Risk Assessment Summary


LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code

There are two ways to synchronize access to shared mutable variables: method synchronization and block synchronization. Methods declared as synchronized and blocks that synchronize on the this reference both use the object’s monitor (that is, its intrinsic lock). An attacker can manipulate the system to trigger contention and deadlock by obtaining and indefinitely holding the intrinsic lock ...

Get The CERT® Oracle® Secure Coding Standard for Java™ now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.