SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 2

changes.mady.by.user Unknown User (lflynn)

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

 For OAuth, ensure the relying party receiving the user's ID in the last protocol step is the same as the relying party that the access token was granted to.

Noncompliant Code Example

This noncompliant code example shows an application that

Code Block
bgColor#FFCCCC
TBD

 


Compliant Solution

In this compliant solution the application

Code Block
bgColor#CCCCFF
TBD

Risk Assessment

 


Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

DRD26-J

Medium

Probable

No

Medium

No

 

 P4

 

L3 

Automated Detection

...


Bibliography

[Chen
OAuth
2014]OAuth Demystified for Mobile Application Developers
 [IETF OAuth1.0a]

Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

 [IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.


...

Image Added Image Added Image Added