What are secure programming techniques in Java?
Simply put, there are a number of programming styles and techniques available to help ensure a more secure application. Consider the following as two general examples:
Storing/deleting passwords.
If a password is stored in a Java String object, the password will stay in memory until it is either garbage collected or the process ends. If it is garbage collected, it will still exist in the free memory heap until the memory space is reused. The longer the password String stays in memory, the more vulnerable it is to snooping. Even worse, if real memory runs low, the operating system might page this password String to the disk's swap space, so it is vulnerable to disk block snooping. To minimize (but not eliminate) these exposures, you should store passwords in char arrays and zero them out after use. (Strings are immutable, so you can't zero them out.)
Smart serialization.
When objects are serialized for storage or transmission, any private fields are, by default, present in the stream. So, sensitive data is vulnerable to snooping. You can use the transient keyword to flag an attribute so it is skipped in the streaming. We'll be discussing these and other techniques in more detail when we encounter a need for
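Both techniques in one place, as an added example that is not part of the original answer: the secret lives in a char[] that is zeroed after use, and the field is marked transient so it is left out of the serialized form. The Credential class, the sample username and the sample password are constructed for the illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SecretHandling {

    // Constructed credential holder: the secret is a char[], never a String,
    // and it is transient so ObjectOutputStream skips it entirely.
    static final class Credential implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String username;          // non-sensitive, serialized normally
        private transient char[] password;      // sensitive, skipped by serialization

        Credential(String username, char[] password) {
            this.username = username;
            this.password = password;           // same array the caller holds; wipe() zeroes it
        }

        // Zero the secret as soon as it is no longer needed. Strings cannot be
        // cleared this way, which is why a char[] is used in the first place.
        void wipe() {
            if (password != null) {
                Arrays.fill(password, '\0');
                password = null;
            }
        }
    }

    static byte[] serialize(Credential c) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(c);
        }
        return bos.toByteArray();
    }

    // Scan the raw stream so we can see what actually left the JVM.
    static boolean streamContains(byte[] stream, String needle) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample secret. In real code obtain it with
        // System.console().readPassword(), which already returns a char[],
        // so no String copy of the password is ever created.
        char[] pw = {'h', 'u', 'n', 't', 'e', 'r', '2'};
        Credential c = new Credential("alice", pw);
        byte[] bytes = serialize(c);
        System.out.println("username in stream: " + streamContains(bytes, "alice"));
        System.out.println("password in stream: " + streamContains(bytes, "hunter2"));
        c.wipe();
        System.out.println("array zeroed after wipe: " + Arrays.equals(pw, new char[pw.length]));
    }
}
```

The password check against the stream comes back false and the zero check comes back true, which is the whole point: the secret never reaches the stream, and its only in-memory copy is cleared as soon as it is no longer needed.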