          // If not, throw an exception
        } catch (FileNotFoundException cnf) {
          // Forward to handler
        }
        return null;
      }
    }); // End of doPrivileged()
    System.loadLibrary("authentication");
}
The loadLibrary() invocation could also occur before preliminary password reset
checks are performed; in this example, it is deferred for performance reasons.
Applicability
Minimizing privileged code reduces the attack surface of an application and simplifies the
task of auditing privileged code.
18. Do not expose methods that use reduced-security checks to untrusted code
Most methods lack security manager checks because they do not provide access to sensitive
parts of the system, such as the file system. Most methods that do provide security
manager checks verify that every class and method in the call stack is authorized before
they proceed. This security model allows restricted programs, such as Java applets, to have
full access to the core Java library. It also prevents a sensitive method from acting on
behalf of a malicious method that hides behind trusted methods in the call stack.
However, certain methods use a reduced-security check that checks only that the calling
method is authorized rather than checking every method in the call stack. Any code
that invokes these methods must guarantee that they cannot be invoked on behalf of
untrusted code. These methods are listed in Table 1-2.
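The difference between the two kinds of check can be modeled with StackWalker (Java 9+) instead of a real security manager. This is an added example, not code from the book; the classes Sensitive, TrustedLibrary and Untrusted and the TRUSTED set are assumptions made for the demonstration. It shows a trusted pass-through method letting untrusted code satisfy the caller-only check while the full stack check still rejects it.

```java
import java.util.Set;

public class ReducedCheckDemo {
    // Assumption for this demo: membership in this set stands in for "authorized".
    static final Set<Class<?>> TRUSTED =
        Set.of(ReducedCheckDemo.class, Sensitive.class, TrustedLibrary.class);
    static final StackWalker WALKER =
        StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);

    static class Sensitive {
        // Full check: every class on the call stack must be authorized.
        static boolean fullStackCheck() {
            return WALKER.walk(frames ->
                frames.allMatch(f -> TRUSTED.contains(f.getDeclaringClass())));
        }

        // Reduced check: only the immediate caller is examined.
        static boolean callerOnlyCheck() {
            return TRUSTED.contains(WALKER.getCallerClass());
        }
    }

    // Trusted code that forwards calls to the sensitive methods unchanged.
    static class TrustedLibrary {
        static boolean exposeFull()    { return Sensitive.fullStackCheck(); }
        static boolean exposeReduced() { return Sensitive.callerOnlyCheck(); }
    }

    // Stands in for untrusted code that hides behind TrustedLibrary.
    static class Untrusted {
        static boolean viaFull()    { return TrustedLibrary.exposeFull(); }
        static boolean viaReduced() { return TrustedLibrary.exposeReduced(); }
    }

    public static void main(String[] args) {
        // Trusted caller, full check: no unauthorized frame on the stack.
        System.out.println("trusted, full check:      " + TrustedLibrary.exposeFull());
        // Untrusted caller, full check: the Untrusted frame is seen.
        System.out.println("untrusted, full check:    " + Untrusted.viaFull());
        // Untrusted caller, reduced check: only TrustedLibrary is examined.
        System.out.println("untrusted, reduced check: " + Untrusted.viaReduced());
    }
}
```

Compile with javac and run the class file; under the single-file source launcher the launcher's own frames are also on the stack and fail the full check.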