java 2 3
fdsa
fdsa
Fichier Détails
Cartes-fiches | 496 |
---|---|
Langue | Deutsch |
Catégorie | Informatique |
Niveau | Autres |
Crée / Actualisé | 06.12.2020 / 24.01.2021 |
Attribution de licence | Non précisé |
Lien de web |
https://card2brain.ch/box/20201206_java_2_3
|
Intégrer |
<iframe src="https://card2brain.ch/box/20201206_java_2_3/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
What is the "principle of least privilege"?
Limiting access as much as possible
What is the problem here? How to fix?
public class GrasshopperCage {
public static void openLock(ComboLocks comboLocks, String combo) {
if(comboLocks.isComboValid("grasshopper", combo)) System.out.println("open");
}
}
a attacker could override the method isComboValid and pass it to openLock. (fix it by with final class) f.e:
public boolean isComboValid(String animal, String combo) {
var valid = super.isComboValid(animal, combo);
if(valid) { // email the password to s.b.}
return valid;
}
Is this a immutable object?:
public final class Animal {
private final ArrayList<String> favoriteFoods;
public Animal() {
this.favoriteFoods = new ArrayList<String>();
this.favoriteFoods.add("Apples");
}
public List<String> getFavoriteFoods() {
return favoriteFoods;
}
}
No, the returned list can be modified. Better implement methods for getting properties, f.e.:
public String getFavoriteFoodsElement(int index) {
return favoriteFoods.get(index);
}
What is a copy constructor?
F.e.:
public Animal(List<String> favoriteFoods) {
if(favoriteFoods == null) throw new Runtimeexception("..");
this.favoriteFoods = new ArrayList<String>(favoriteFoods);
}
What is a defensive copy?
F.e. the copy operation
Does the clone() method copy shallow or deep?
shallow by default
What happens if clone is called on an object which doesnt implement cloneable?
Throw exception
What can be considered as untrusted data?
F.e. user inout, reading from files, retrieving data from databases. Any data that did not originate form your program