O'Reilly logo

The CERT® Oracle® Secure Coding Standard for Java™ by David Svoboda, Dean F. Sutherland, Robert C. Seacord, Dhruv Mohindra, Fred Long

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 16. Platform Security (SEC)

Rules

Image

Risk Assessment Summary

Image

SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary

The java.security.AccessController class is part of Java’s security mechanism; it is responsible for enforcing the applicable security policy. This class’s static doPrivileged() method executes a code block with a relaxed security policy. The doPrivileged() method stops permissions from being checked further down the call chain. Consequently, any method that invokes doPrivileged() must assume ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required