...
This rule concerns untrusted information entering a doPrivileged() block. For prevention of sensitive information escaping from a doPrivileged() block, see SEC02SEC00-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="65f21c31a953cacd-8c8f1cf3-44344650-af5cb1f2-d643a809b6744cee766f1870"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method doPrivileged() | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e9ca1a1935544290-42cf7a83-4a0b44a3-bb7a8468-6c302fe490677c842f0bc07d"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | Sections 6.4, "AccessController" | ]]></ac:plain-text-body></ac:structured-macro> | |
| 9.5 "Privileged Code" | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="69edb7abfadcb6b7-0f147d77-4bda4820-81ff8684-a2b011e0c3cb142aea6cacdf"><ac:plain-text-body><![CDATA[ | [[Jovanovic 2006 | AA. Bibliography#Jovanovic 06]] | "Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities" | ]]></ac:plain-text-body></ac:structured-macro> |
...
SEC02SEC00-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary 14. Platform Security (SEC) SEC04-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes