...
| Code Block | ||
|---|---|---|
| ||
public class PublicClass {
public int x;
public int y;
public void getPoint() {
System.out.println("(""(" + x + ",""," + y + ")"")");
}
}
|
Compliant Solution
Limiting the scope of classes, interfaces, methods and fields as far as possible reduces the chance of malicious manipulation. Limit the accessibility depending on the desired implementation scope. For non-final classes, reducing the accessibility of methods also eliminates the threat of malicious overriding. This compliant solution demonstrates the most restrictive accessibility.
| Code Block | ||
|---|---|---|
| ||
final class PrivateClass {
private int x;
private int y;
private void getPoint() {
System.out.println("(""(" + x + ",""," + y + ")"")");
}
}
|
A top level class such as this one, cannot be declared as private. Package-private accessibility is admissible in this case. However, nested classes may be declared as private.
...
| Code Block | ||
|---|---|---|
| ||
final class PrivateClass {
private int x;
private int y;
void getPoint() {
System.out.println("(""(" + x + ",""," + y + ")"")");
}
}
|
Exceptions
EX1: If a class, interface, method or field is part of a published Application Programming Interface (API), it may be declared public. If not, they should be declared either package-private, protected or private for compliance with this guideline.
...
SEC04-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar 02. Platform Security (SEC) SEC06-J. Sign and seal sensitive objects before transit