How does immutability of Java strings increase security?

2020-02-25 • Java

I am a novice in Java. When learning, I found that a string is immutable While I was reading the reasons behind it, there were some reasons, such as performance improvement, because its value cannot be modified and can be shared by multiple threads I understand these reasons

Please help me understand Thank you in advance

Solution

When writing a class library, it is common to store the parameters passed into the API in the constructor, as shown below:

public class MyApi {
    final String myUrl;
    public MyApi(String urlString) {
        // Verify that urlString points to an approved server
        if (!checkApprovedUrl(urlString)) throw new IllegalArgumentException();
        myUrl = urlString;
    }
}

The string is variable, which will lead to a subtle attack: the attacker will pass a good URL, wait a few microseconds, and then set the URL to point to the attack site

Since it is quite common to store without replication, and because string is one of the most commonly used data types, leaving variable string will open many APIs that have not been written but have not been opened by serious security problems Make the string immutable and close all API specific security vulnerabilities, including those that have not been written

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Java – sets the background image of the surfaceview

< <上一篇

Java: how do I group all Java dates in the corresponding week?

下一篇>>

搜索内容

How does immutability of Java strings increase security?

Solution

热门文章