 
                            This keeps track of who has completed their proofread of each chapter. (Our SVN repository will keep us from simultaneous edits.)
| Ch. | Dave | Dean | Dhruv | rCs | Fred |
|---|---|---|---|---|---|
| 14 | x | | | x | |
| 15 | x | x | | x | |
| 16 | | x | | x | |
| 17 | | | | | |
| 18 | | | | | |
| Bib | x | | | | |
| Def | x | | | | |
| FM | x | | | | |
This page contains ad hoc TODO ideas or topics currently being investigated. Please feel free to comment on these or suggest new ones.
Possible Changes to Current Guidelines
- All classes and methods will need to be declared final. Although this works against extensibility, it is critical from a security point of view.
- All file separators must be replaced by the platform-independent File.separator
- Possibly use the memento design pattern with deserialization: an inner class performs input validation using 'safe' objects (for example, a {{long}} to store {{int}} values) and then updates the state of the actual outer class, and so on. Item 50 [Daconta 03]
- readResolve() for deserialization (singletons). Do not serialize sensitive external mutable variables (best to declare them transient)
- Calling super.clone() is necessary.
...
Possible Recommendations
...
- Do not serialize keys, certificates or the classes that contain their instances, as deserialization may fail if the same security provider is not present at the remote end. Instead, override the readObject and writeObject methods and encode the data. [P 202 Oaks 01] *(unsure if this can be classified as a security error)* (done)
- Be careful when using environment variables; investigate the usual conditions (done)
- Thread.interrupted issues
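As an added example (not code from this wiki page or from the CERT standard), the hypothetical `Registry` and `Session` classes below show three of the serialization items above working together: `readResolve()` handing back the singleton, a `transient` field so the secret never reaches the stream, and a `readObject()` that reads the stream into a 'safe' wider local and validates it before touching the object's state. The offset used to tamper with the stream is an assumption about the default Java serialization layout (the 4-byte `int` field is immediately followed by the end-of-block-data marker); everything else is standard `java.io` API.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;

// Hypothetical demo classes (not part of the wiki page).
public final class SerializationDemo {

    /** Singleton: readResolve() returns the canonical instance, so a
     *  deserialized copy can never become a second Registry. */
    public static final class Registry implements Serializable {
        private static final long serialVersionUID = 1L;
        public static final Registry INSTANCE = new Registry();
        private Registry() { }
        private Object readResolve() throws ObjectStreamException {
            return INSTANCE;
        }
    }

    /** The secret is transient (never written); the only serialized field
     *  is range-checked on the way back in, as the constructor checks it. */
    public static final class Session implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final int MAX_TTL_SECONDS = 3600;

        private final transient byte[] secretKey;   // skipped by serialization
        private int ttlSeconds;                      // validated in readObject

        public Session(byte[] secretKey, int ttlSeconds) {
            this.secretKey = secretKey.clone();
            this.ttlSeconds = checkTtl(ttlSeconds);
        }
        public int getTtlSeconds() { return ttlSeconds; }
        public boolean hasSecret() { return secretKey != null; }

        private static int checkTtl(int ttl) {
            if (ttl <= 0 || ttl > MAX_TTL_SECONDS) {
                throw new IllegalArgumentException("ttl out of range: " + ttl);
            }
            return ttl;
        }

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();   // writes ttlSeconds only
        }

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            // Memento-style: read into a wider 'safe' local first and only
            // assign to this.ttlSeconds once the value has passed the check.
            ObjectInputStream.GetField fields = in.readFields();
            long candidate = fields.get("ttlSeconds", -1);
            try {
                ttlSeconds = checkTtl((int) candidate);
            } catch (IllegalArgumentException e) {
                throw new InvalidObjectException(e.getMessage());
            }
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. Singleton survives a round trip as the same object.
        Object reg = deserialize(serialize(Registry.INSTANCE));
        System.out.println("same registry instance: " + (reg == Registry.INSTANCE));

        // 2. Secret is absent after the round trip; the validated field is kept.
        Session s = new Session(new byte[] {1, 2, 3}, 600);      // constructed sample
        Session back = (Session) deserialize(serialize(s));
        System.out.println("ttl=" + back.getTtlSeconds() + " secretPresent=" + back.hasSecret());

        // 3. A stream carrying an out-of-range ttl is rejected by readObject.
        byte[] bytes = serialize(s);
        int off = bytes.length - 5;   // assumption: int field precedes the trailing marker
        bytes[off] = bytes[off + 1] = bytes[off + 2] = bytes[off + 3] = (byte) 0xFF;  // ttl = -1
        try {
            deserialize(bytes);
            System.out.println("unexpected: tampered stream accepted");
        } catch (InvalidObjectException e) {
            System.out.println("rejected tampered stream: " + e.getMessage());
        }
    }
}
```

Run with `javac SerializationDemo.java && java SerializationDemo`. The point of reading through `GetField` rather than `defaultReadObject()` is that the object's own field is never assigned an unchecked value, so a failed check leaves no half-initialised state behind.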
...
- Issues with ProtectionDomains (if any)
...
Possible Rules
- Poor performance and DoS due to regex (fixed in jdk 1.6)
...
- Avoid using Reflection to instantiate inner classes
- Use a typesafe enum pattern [Bloch, Item 20] (_enum type_ provided from jdk 1.5 onwards, [Docs|http://java.sun.com/j2se/1.5.0/docs/guide/language/enums.html])
- Some of the anti-patterns described in ERR00-J. Do not suppress or ignore checked exceptions (done)
...
- Don't catch Throwable without checking for ThreadDeath. (will not do)
- Usage of {{GetResource}} may be unsafe if the class is extended [FindBugs]
- Do not serialize/deserialize resource handles (done)
...