Effective Java

ITEM 50: MAKE DEFENSIVE COPIES WHEN NEEDED
233
thread during the 
window of vulnerability
between the time the parameters are
checked and the time they are copied. In the computer security community, this is
known as a 
time-of-check/time-of-use
or 
TOCTOU
attack [Viega01].
Note also that we did not use 
Date
’s 
clone
method to make the defensive
copies. Because 
Date
is nonfinal, the 
clone
method is not guaranteed to return an
object whose class is 
java.util.Date
: it could return an instance of an untrusted
subclass that is specifically designed for malicious mischief. Such a subclass
could, for example, record a reference to each instance in a private static list at the
time of its creation and allow the attacker to access this list. This would give the
attacker free rein over all instances. To prevent this sort of attack, 

Download 2,19 Mb.

Do'stlaringiz bilan baham: