
Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SCG 2007        Guideline 6-1. "Safely invoke java.security.AccessController.doPrivileged"

MITRE CWE       CWE-266 "Incorrect Privilege Assignment"
                CWE-272 "Least Privilege Violation"
                CWE-732 "Incorrect Permission Assignment for Critical Resource"
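The guideline and CWE entries above name the problem (privileged code that is too broad, takes tainted input, or hands sensitive results across a trust boundary) but the page carries no code for it. The following is an added example written for this edit; it is not code from the CERT standard, from Oracle's Secure Coding Guidelines, or from the JDK. It contrasts a privileged block that violates Guideline 6-1 and CWE-272 with one that honours them. The class name FeatureFlags, the path /etc/example-app/features.properties and the "feature.<name>" property-key scheme are assumptions. It needs Java 8 or later for the limited-privilege doPrivileged overload. Caveat: the Security Manager that gives doPrivileged its meaning is deprecated for removal since Java 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so the distinction below only matters on a runtime where a Security Manager is actually installed.

```java
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Properties;

/**
 * Added example (not from the CERT page): a trusted library class that must read a
 * configuration file which its untrusted callers have no permission to read.
 */
public final class FeatureFlags {

    // Hypothetical, fixed path chosen by the library; callers never influence it.
    private static final String CONFIG_PATH = "/etc/example-app/features.properties";

    private FeatureFlags() { }

    /*
     * Noncompliant: the privileged block takes a caller-supplied path and hands the
     * whole parsed file back across the trust boundary.  Untrusted code that is merely
     * allowed to call this method can therefore read any file the library's protection
     * domain can (CWE-272: the block carries far more privilege than the task needs).
     */
    public static Properties loadAnyFile(final String path) throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Properties>) () -> {
                    Properties p = new Properties();
                    try (InputStream in = new FileInputStream(path)) {
                        p.load(in);
                    }
                    return p;
                });
        } catch (PrivilegedActionException e) {
            // The action only throws IOException, so the cast is safe.
            throw (IOException) e.getException();
        }
    }

    /*
     * Compliant: caller input is validated before it reaches the block, the block's
     * only file input is a library constant, it is granted just the one FilePermission
     * it needs (Java 8 limited doPrivileged), and only a derived boolean leaves it.
     */
    public static boolean isEnabled(final String feature) {
        if (feature == null || !feature.matches("[A-Za-z0-9_.]{1,64}")) {
            throw new IllegalArgumentException("invalid feature name");
        }
        final String key = "feature." + feature;
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Boolean>) () -> {
                    Properties p = new Properties();
                    try (InputStream in = new FileInputStream(CONFIG_PATH)) {
                        p.load(in);
                    }
                    return Boolean.parseBoolean(p.getProperty(key, "false"));
                },
                null,                                      // no extra context restriction
                new FilePermission(CONFIG_PATH, "read"));  // the only privilege granted
        } catch (PrivilegedActionException e) {
            // Config unreadable or malformed: fail closed and do not expose the cause.
            return false;
        }
    }
}
```

The three properties to check in any privileged block are the ones the compliant method shows: nothing the caller controls is used inside the block without validation, the block does exactly one operation that needs elevated permission and is limited to that permission, and what it returns is derived, non-sensitive data rather than the privileged resource itself.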

Bibliography

[API 2006]        (AA. Bibliography#API06) method doPrivileged()
                  http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)

[Gong 2003]       (AA. Bibliography#Gong03) Sections 6.4, "AccessController"; 9.5, "Privileged Code"

[Jovanovic 2006]  (AA. Bibliography#Jovanovic06) "Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities"


SEC02-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary      14. Platform Security (SEC)      SEC04-J. Do not expose standard APIs that bypass Security Manager checks to untrusted code