How to defend an eager singleton against serialization and reflection attacks


// Why define a constructor at all?

Because if you do not declare one, the compiler generates a default constructor, and that default constructor is public, which breaks the singleton requirement that nobody outside the class can create a second instance.

This eager singleton is thread-safe because the JVM guarantees that a class's static initializer runs exactly once per class loader, so INSTANCE is assigned once and every thread that calls getInstance gets the same object.

But that alone does not protect it from a reflection attack: reflection can strip the access check from the private constructor with
AccessibleObject.setAccessible(true) and then call it again to build a second instance. To handle that, the constructor itself has to refuse to run once INSTANCE exists:

 

public class JavaSingleton {
  private static final JavaSingleton INSTANCE = new JavaSingleton();
  private JavaSingleton() {
    if (INSTANCE != null) {
      throw new IllegalStateException("Inside JavaSingleton(): JavaSingleton " +
                                                        "instance already created.");
    }
    System.out.println("Inside JavaSingleton(): Singleton instance is being created.");
  }
  public static final JavaSingleton getInstance() {
    return INSTANCE;
  }
}
 


It is also not safe against a serialization attack: if the class is Serializable, deserialization does not call the private constructor at all (only the no-arg constructor of the first non-serializable superclass, here Object, runs), so the guard above never fires and readObject returns a fresh instance. The fix:
Declare every instance field transient, and provide a readResolve method that returns the existing INSTANCE, so the deserialized copy is discarded and the singleton is preserved. The transient part matters: if a non-transient field holds a reference to an object that in turn refers back to the singleton, a crafted stream can grab the deserialized copy before readResolve replaces it. Effective Java recommends either this transient-plus-readResolve pattern or, simpler still, a single-element enum, which the JVM already protects against both attacks.
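Here is an added, self-contained Java example that is not from the original post or the linked articles. It combines the constructor guard from the class above with the transient field plus readResolve countermeasure, and its main method performs both attacks against it: it opens the private constructor with setAccessible(true) and calls it, then serializes the instance and reads it back. The counter field and the next() method are assumptions introduced only to show that live state survives the round trip.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;

public final class JavaSingleton implements Serializable {
    private static final long serialVersionUID = 1L;

    // Eager init: the class loader runs this exactly once, so INSTANCE is assigned once.
    private static final JavaSingleton INSTANCE = new JavaSingleton();

    // Hypothetical state field for the demo. It is transient so it is never written
    // to the stream; readResolve hands back INSTANCE, which already holds the live value.
    private transient int counter;

    private JavaSingleton() {
        // During static init INSTANCE is still null, so the legitimate call passes.
        // Any later call (e.g. via reflection) sees the assigned INSTANCE and fails.
        if (INSTANCE != null) {
            throw new IllegalStateException("JavaSingleton instance already created.");
        }
    }

    public static JavaSingleton getInstance() {
        return INSTANCE;
    }

    public int next() {
        return ++counter;
    }

    // Called by ObjectInputStream after it has reconstructed the object from the stream.
    // Returning INSTANCE throws that reconstructed copy away, so readObject yields the
    // one true singleton. Deserialization never ran the private constructor, which is
    // why the guard above cannot protect against this path on its own.
    private Object readResolve() throws ObjectStreamException {
        return INSTANCE;
    }

    public static void main(String[] args) throws Exception {
        JavaSingleton s = JavaSingleton.getInstance();
        s.next();

        // 1. Reflection attack: remove the access check and invoke the private constructor.
        Constructor<JavaSingleton> ctor = JavaSingleton.class.getDeclaredConstructor();
        ctor.setAccessible(true);
        try {
            ctor.newInstance();
            System.out.println("reflection attack SUCCEEDED: guard is missing");
        } catch (InvocationTargetException e) {
            // newInstance wraps the IllegalStateException thrown by the guard.
            System.out.println("reflection attack blocked: " + e.getCause());
        }

        // 2. Serialization attack: write the instance out, then read it back in.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(s);
        }
        JavaSingleton copy;
        try (ObjectInputStream in =
                     new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            copy = (JavaSingleton) in.readObject();
        }
        // With readResolve in place the copy is reference-equal to s and its counter
        // continues from the live value instead of restarting at zero.
        System.out.println("same instance after deserialization: " + (copy == s));
        System.out.println("counter after round trip: " + copy.next());
    }
}
```

Compile and run it with `javac JavaSingleton.java && java JavaSingleton`. To see each attack succeed, delete the `if (INSTANCE != null)` guard or the `readResolve` method respectively and run it again: the reflection call then returns a second object, and `copy == s` becomes false.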

See:

http://technonstop.com/java-singleton-reflection-and-lazy-initialization
http://www.chiaocheng.com/blog/2009/07/java-singleton/
http://stackoverflow.com/questions/5735797/is-this-singleton-resistant-to-both-serialization-and-reflection-attacks
