
Key: JAVAEETUTORIAL-123
Type: Bug
Status: Closed
Resolution: Won't Fix
Priority: Major
Assignee: Kim Haase
Reporter: Brant Gurganus
Votes: 0
Watchers: 0
javaeetutorial

bad example allows for possible bug

Created: 11/Jul/12 12:05 AM   Updated: 18/Oct/12 07:54 PM   Resolved: 18/Oct/12 07:54 PM
Component/s: doc
Affects Version/s: 6.0.7-5
Fix Version/s: None

Time Tracking:
Not Specified

Tags:
Participants: Brant Gurganus and Kim Haase


Description

This occurs on the "Writing Bean Properties" page at http://docs.oracle.com/javaee/6/tutorial/doc/bnaty.html. Just before the "UIData Properties" heading, there is an example Bean property for a Date field. Date is a mutable type, and the getter and setter are both public. This allows another potentially malicious class to get a reference to the Date field and modify it without the knowledge of the class. This is generally something that can be defended against by creating a copy of the date when it is set or when the getter is called. This prevents you from setting the Date field to a Date value that another class can still manipulate and prevents another class that gets the Date from modifying the date without the knowledge of the class. Another, potentially better option if the methods need not be public would be to reduce the visibility to something less than public.
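The two mutation paths described in the report, next to the copy-on-set and copy-on-get defence, as an added example (not code from the tutorial page or from the reporter). The class names ExposedBean, CopyingBean and DefensiveCopyDemo are hypothetical, and the timestamps are constructed sample values.

```java
import java.util.Date;

// Hypothetical bean following the pattern the report describes: the public
// getter and setter pass the same mutable Date reference straight through.
class ExposedBean {
    private Date date;
    public Date getDate() { return date; }
    public void setDate(Date date) { this.date = date; }
}

// Same property with a defensive copy on the way in and on the way out.
// new Date(getTime()) is used instead of clone() because Date is not final
// and a subclass supplied by the caller could override clone().
class CopyingBean {
    private Date date;
    public Date getDate() {
        return date == null ? null : new Date(date.getTime());
    }
    public void setDate(Date date) {
        this.date = date == null ? null : new Date(date.getTime());
    }
}

public class DefensiveCopyDemo {
    public static void main(String[] args) {
        Date supplied = new Date(0L); // constructed sample value (the epoch)

        ExposedBean exposed = new ExposedBean();
        exposed.setDate(supplied);
        CopyingBean copying = new CopyingBean();
        copying.setDate(supplied);

        // Path 1: the caller keeps the reference it handed to the setter.
        supplied.setTime(1000L);
        System.out.println("after input mutated,  exposed: " + exposed.getDate().getTime());
        System.out.println("after input mutated,  copying: " + copying.getDate().getTime());

        // Path 2: the caller mutates the object returned by the getter.
        exposed.getDate().setTime(2000L);
        copying.getDate().setTime(2000L);
        System.out.println("after getter mutated, exposed: " + exposed.getDate().getTime());
        System.out.println("after getter mutated, copying: " + copying.getDate().getTime());
    }
}
```

The ExposedBean value follows every change the caller makes, while the CopyingBean value stays at the timestamp it was set to.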



No work has yet been logged on this issue.