Java packages are not inherently closed; therefore, relying on
them for code security is not a good practice.
Time of Introduction
Implementation
Applicable Platforms
Languages
Java
Common Consequences
Scope: Confidentiality
Effect: Any data in a Java package can be accessed outside of the Java
framework if the package is distributed.

Scope: Integrity
Effect: The data in a Java class can be modified by anyone outside of the
Java framework if the package is distributed.
Likelihood of Exploit
Medium
Demonstrative Examples
Example 1
(Bad Code)
Java
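package math;

public class Lebesgue implements Integration {
    // Package placement does not hide this method: it is public and static.
    // The parameter type is assumed here; the original listing omitted it.
    public static final String youAreHidingThisFunction(String functionToIntegrate) {
        return ...; // body elided in the original
    }
}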
Potential Mitigations
Phase: Design through Implementation
Description: Data should be private, static, and final whenever possible.
This will ensure that your code is protected by instantiating early,
preventing access and tampering.
Other Notes
The purpose of package scope is to prevent accidental access. However,
this protection is an ease-of-software-development feature, not a
security feature, unless the package is sealed.
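
An added example, not part of the original entry: a reflection-based audit that applies the mitigation and the sealing note above by flagging fields that are not private or not final and reporting whether the class's package is sealed. PackageScopeAudit, Weak and Hardened are hypothetical names, and the sample classes are constructed for illustration.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

// Added example; class and field names are constructed for illustration.
public class PackageScopeAudit {

    // Constructed sample: protection rests on package (default) scope only.
    static class Weak {
        static double rate = 0.05;            // package scope, mutable
        protected static String label = "x";  // package and subclasses, mutable
    }

    // Constructed sample following the mitigation: private, static and final.
    static class Hardened {
        private static final double RATE = 0.05;
        static double rate() { return RATE; }
    }

    // Lists every field that is not private or not final, plus the sealing state.
    static List<String> findings(Class<?> c) {
        List<String> out = new ArrayList<>();
        for (Field f : c.getDeclaredFields()) {
            if (f.isSynthetic()) continue;    // skip compiler-generated fields
            int m = f.getModifiers();
            if (!Modifier.isPrivate(m)) out.add(f.getName() + ": not private");
            if (!Modifier.isFinal(m)) out.add(f.getName() + ": not final");
        }
        // A sealed package only accepts classes from the same code source (JAR).
        Package p = c.getPackage();
        if (p == null || !p.isSealed()) out.add("package is not sealed");
        return out;
    }

    public static void main(String[] args) {
        for (Class<?> c : new Class<?>[] { Weak.class, Hardened.class }) {
            System.out.println(c.getSimpleName() + " -> " + findings(c));
        }
    }
}
```

When run from a class directory, both sample classes are reported as unsealed; sealing is declared per JAR or per package with the `Sealed: true` manifest attribute.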