1. You must program defensively, with the assumption that clients of your class will do their best to destroy its invariants.
2. For immutable class, it is essential to make a defensive copy of each mutable parameter to the constructor and to use the copies as components.
3. Defensive copies should be made before checking the validity of the parameters, and the validity check is performed on the copies rather than on the originals. It protects the class against changes to the parameters from another thread during the “window of vulnerability” between the time the parameters are checked and the time they are copied which is known as a time-of-check/time-of-use or TOCTOU attack.
4. Do not use the clone method to make a defensive copy of a parameter whose type is subclassable by untrusted parties. For example, Date is nonfinal, the clone method is not guaranteed to return an object whose class is java.util.Date: it could return an instance of an untrusted subclass specifically designed for malicious mischief. Such a subclass could, for example, record a reference to each instance in a private static list at the time of its creation and allow the attacker to access this list. This would give the attacker free reign over all instances.
5. For immutable class, modify the accessors to return defensive copies of mutable internal fields
6. If you are considering using a client-provided object reference as an element in an internal Set instance or as a key in an internal Map instance, you should be aware that the invariants of the set or map would be destroyed if the object were modified after it is inserted.
7. Nonzero-length arrays are always mutable. Therefore, you should always make a defensive copy of an internal array before returning it to a client. Alternatively, you could return an immutable view of the array.
8. You should, where possible, use immutable objects as components of your objects, so that you that don’t have to worry about defensive copying.
9. If the cost of the copy would be prohibitive and the class trusts its clients not to modify the components inappropriately, then the defensive copy may be replaced by documentation outlining the client’s responsibility not to modify the affected components.
相关推荐
Item 50: Make defensive copies when needed Item 51: Design method signatures carefully Item 52: Use overloading judiciously Item 53: Use varargs judiciously Item 54: Return empty collections or arrays...
Defensive Security Handbook: Best Practices for Securing Infrastructure by Lee Brotherston English | 3 Apr. 2017 | ASIN: B06Y18XC5Y | 268 Pages | AZW3 | 3.88 MB Despite the increase of high-profile ...
### 难得的经典——《Defensive Programming for Red Hat Enterprise Linux》 #### 摘要与背景 在软件开发领域,安全性和稳定性是至关重要的。随着互联网的发展,网络安全威胁日益严重,对软件的安全性提出了更高...
防御式编程 Defensive Programming.PPT完整版(精品课件) 大纲: 保护程序免遭非法输入数据的破坏 断言 错误处理技术 异常 隔离程序 辅助调试代码
### 防御性数据库编程与SQL Server #### 引言 《防御性数据库编程与SQL Server》一书由Alex Kuznetsov撰写,并由Hugo Kornelis进行了技术审稿,首次由Simple Talk Publishing出版于2010年。本书主要探讨了在SQL ...
内容简介: Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security ...
本书《Defensive Database Programming with SQL Server》由Alex Kuznetsov撰写,深入探讨了如何在SQL Server环境中实施防御性编程策略。 ### 一、基本防御性数据库编程技术 #### 1. 减少代码漏洞 - **定义假设**...
防御性驾驶指南Guide_For_Defensive_Drivind
matlab导入excel代码utl_sas_defensive_programming_and_error_checking SAS防御性编程和错误检查关键字:sas sql连接合并合并大数据分析宏oracle teradata mysql sas社区stackoverflow统计信息人工智慧AI Python R ...
Java防御性编程是一种编程策略,旨在提前预防程序中可能的错误和异常,从而提高软件的稳定性和可靠性。在Java中,防御性编程通常通过注释、异常处理、数据验证和健壮的错误处理来实现。开源社区提供了许多工具和库来...
Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) ...
The practice of defensive school psychology THE PRACTICE OF DEFENSIVE SCHOOL PSYCHOLOGY DONALD A. LUPIANI Riverdale Country School Recent legal developments promise to bring school ...
"Offensive-Defensive-Weight"(进攻防守权重)是一个专门用于评估球队或运动员在比赛中的攻防表现的数据模型。这个概念通常应用于篮球、足球等团队运动,通过量化每个球员或队伍在进攻和防守方面的贡献来帮助教练组...
《防守型数据库编程与SQL Server》一书由Alex Kuznetsov撰写,是关于如何在SQL Server环境中构建更安全、更稳定的应用程序的深入指南。本书聚焦于防御性编程技术,旨在帮助数据库开发者预见到可能的问题,并采取措施...
11 Get Defensive: Network Security 399 12 You Gotta Have a Plan!: Designing Networks 437 i Leftovers: The Top Ten Things (We Didn’t Cover) 469 ii Looking Things Up: ASCII Tables 479 iii Getting a ...
Splunk-防守分析 关于通过进行数据管理的科学论文,其中包括三个相关的CVE漏洞分析,旨在强调Splunk的可靠性。 该项目是作为意大利卡塔尼亚大学的互联网安全关系进行的。 请阅读文档(意大利语) ...
22. defensive:自我防范的,戒备的,形容防范心理或行为。 23. apply:运用,应用于实际情境中。 24. oversee:监管,监督,通常指管理过程中的职责。 25. identify:识别,辨认,如人脸识别或身份验证。 26. ...