The client program runs through the sequence of all possible hash codes using
CraftedLicenseType until it successfully matches the hash code of the demo license key
object stored in the LicenseManager class. Consequently, the attacker can discover the
sensitive data present within the licenseMap in only a few minutes. The attack operates by
discovering at least one hash collision with respect to the key of the map.
Compliant Solution (IdentityHashMap)
This compliant solution uses an IdentityHashMap rather than a HashMap to store the
license information:
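import java.util.IdentityHashMap;
import java.util.Map;

public class LicenseManager {
  // Keys are compared by reference (==), never through equals() or hashCode()
  Map<LicenseType, String> licenseMap =
    new IdentityHashMap<LicenseType, String>();
  // ...
}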
According to the Java API class IdentityHashMap documentation [API 2006],
This class implements the Map interface with a hash table, using reference-equality
in place of object-equality when comparing keys (and values). In other words, in an
IdentityHashMap, two keys k1 and k2 are considered equal if and only if (k1==k2).
(In normal Map implementations (like HashMap) two keys k1 and k2 are considered
equal if and only if (k1==null ? k2==null : k1.equals(k2)).)
Consequently, the overridden methods cannot expose internal class details. The client
program can continue to add license keys, and can even retrieve the added key-value
pairs, as demonstrated by the following client code.
public class DemoClient {
  public static void main(String[] args) {
    LicenseManager licenseManager = new LicenseManager();
    LicenseType type = new LicenseType();
    type.setType("custom-license-key");
    licenseManager.setLicenseKey(type, "CUS-TOM-LIC-KEY");
    // Lookup succeeds because the same reference is used for put and get
    Object licenseKeyValue = licenseManager.getLicenseKey(type);
    // Prints CUS-TOM-LIC-KEY
    System.out.println(licenseKeyValue);
  }
}
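
The difference between the two lookup rules, as an added example (not code from the original text): Key is a hypothetical stand-in for LicenseType, CraftedKey for an untrusted subclass, and the stored value is constructed sample data. To keep it short, the probe is handed the matching hash code directly.

```java
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.Map;

public class KeyLookupDemo {
    // Hypothetical stand-in for LicenseType: value-based equals/hashCode, not final.
    static class Key {
        private final String type;
        Key(String type) { this.type = type; }
        @Override public int hashCode() { return 31 * 17 + type.hashCode(); }
        @Override public boolean equals(Object o) {
            return o instanceof Key && ((Key) o).type.equals(type);
        }
    }

    // Untrusted subclass: reports a chosen hash code and claims to equal any key.
    static class CraftedKey extends Key {
        private final int forcedHash;
        CraftedKey(int forcedHash) { super(""); this.forcedHash = forcedHash; }
        @Override public int hashCode() { return forcedHash; }
        @Override public boolean equals(Object o) { return true; }
    }

    static void expect(boolean condition, String message) {
        if (!condition) throw new AssertionError(message);
    }

    public static void main(String[] args) {
        Key stored = new Key("demo-license-key");
        String secret = "CONSTRUCTED-SAMPLE-VALUE"; // constructed sample data
        Map<Key, String> byEquals = new HashMap<>();
        Map<Key, String> byIdentity = new IdentityHashMap<>();
        byEquals.put(stored, secret);
        byIdentity.put(stored, secret);

        // For brevity the probe is handed the matching hash code directly.
        Key probe = new CraftedKey(stored.hashCode());

        // HashMap buckets by probe.hashCode() and then calls probe.equals(storedKey).
        expect(secret.equals(byEquals.get(probe)), "HashMap trusts the overridden methods");
        // IdentityHashMap uses System.identityHashCode and ==, so the overrides are never called.
        expect(byIdentity.get(probe) == null, "crafted key must not match");
        expect(secret.equals(byIdentity.get(stored)), "original reference still works");
        // Caveat: an equal but distinct instance no longer finds the entry either.
        expect(byIdentity.get(new Key("demo-license-key")) == null, "lookup is by reference");
        System.out.println("all checks passed");
    }
}
```

The last check is the trade-off of this solution: callers must keep the exact key reference they stored, because a separately constructed key with the same contents is a different key to an IdentityHashMap.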
 