Exception shielding - preventing information leakage
We have put together short responses to the Error Handling problems (EH[nn]) identified
during the error-handling vulnerability analysis.
EH05
As an option, javac will warn you about a return in a finally block if the compiler
argument -Xlint:finally is set. With Ant, pass it through the <compilerarg> element
as follows:
    <javac srcdir="${src.dir}" destdir="${classes.dir}"
           classpathref="libraries">
        <!-- -Xlint enables all recommended warnings, including the finally check -->
        <compilerarg value="-Xlint"/>
    </javac>
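To see what the -Xlint:finally warning is protecting you from, here is an added example (not code from the original page) with a method that returns from finally and a corrected version; the method names parseLenient and parseSafe are assumptions chosen for the demonstration.

```java
// Added example, not part of the original page. Shows why javac -Xlint:finally
// warns about a return inside finally, and the corrected pattern.
public class FinallyReturnDemo {

    // BAD: the return in finally discards whatever happened in try, including
    // the NumberFormatException. The caller sees -1 and no error is ever logged.
    // javac -Xlint:finally reports "finally clause cannot complete normally".
    static int parseLenient(String s) {
        try {
            return Integer.parseInt(s);
        } finally {
            return -1;   // swallows the exception silently
        }
    }

    // GOOD: catch the specific exception, log it for operators, and return a
    // safe default; finally (if needed) is for cleanup only, never for return.
    static int parseSafe(String s) {
        try {
            return Integer.parseInt(s);
        } catch (NumberFormatException e) {
            // Log internally; do not echo e.getMessage() (which contains the
            // raw input) back to the caller or to a user-facing channel.
            System.err.println("parseSafe: rejected non-numeric input");
            return -1;
        }
    }

    public static void main(String[] args) {
        System.out.println(parseLenient("abc")); // failure hidden: nothing logged
        System.out.println(parseSafe("abc"));    // same result, but the failure is logged
        System.out.println(parseSafe("42"));     // normal path
    }
}
```

Compile with `javac -Xlint:finally FinallyReturnDemo.java` to see the warning on parseLenient; parseSafe compiles cleanly.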
EH06
Correct cleanup is always important, but you should be extra careful with threads. Please
look at the following code sample. It can help you to mitigate at least two types of
attack: those based on buffer overflows, and information leakage:
    private static final long SLEEP_INTERVAL = 100;

    private static void removeGarbage() {
        try {
            System.gc();
            // give other threads a chance if you can
            Thread.sleep(SLEEP_INTERVAL);
            System.runFinalization();
        }
        catch (InterruptedException ie) {
            // handle threads properly, log the exception clearly,
            // DO NOT JUST print the stack trace!
            // Try to exit neatly; do not just kill the thread with
            // the (deprecated) .stop() method
            Thread.currentThread().interrupt();   // restore the interrupt flag
        }
        // Other errors
        catch (Exception ix) {
            // same as above, DO NOT JUST print the stack trace!
        }
    }
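The interrupt-and-exit-neatly advice above applies to any worker thread, not just a garbage-collection helper. The following added example (not code from the original page) shows a worker that is stopped cooperatively through interrupt() rather than Thread.stop(), restores the interrupt flag, and logs through java.util.logging instead of printing a stack trace. The class name CleanShutdownWorker and the 350 ms run time are assumptions for the demonstration.

```java
// Added example, not part of the original page: cooperative shutdown via
// interrupt() instead of the deprecated Thread.stop(), with the interrupt flag
// restored and no stack trace written to a user-facing channel.
import java.util.logging.Level;
import java.util.logging.Logger;

public class CleanShutdownWorker implements Runnable {
    private static final Logger LOG = Logger.getLogger(CleanShutdownWorker.class.getName());
    private static final long SLEEP_INTERVAL = 100; // ms, same constant as in EH06

    private int iterations = 0;

    public int getIterations() { return iterations; }

    @Override
    public void run() {
        try {
            // Keep working until asked to stop. Checking the flag each loop
            // honours stop requests even between blocking calls.
            while (!Thread.currentThread().isInterrupted()) {
                iterations++;
                Thread.sleep(SLEEP_INTERVAL);   // blocking call; throws when interrupted
            }
        } catch (InterruptedException ie) {
            // Log for operators only: the message carries no stack trace and
            // no internal state beyond a counter.
            LOG.log(Level.INFO, "worker interrupted after {0} iterations", iterations);
            // Restore the flag so code further up the stack also sees the request.
            Thread.currentThread().interrupt();
        } finally {
            // Release resources here (files, sockets, locks); never return from finally.
            LOG.fine("worker cleanup done");
        }
    }

    public static void main(String[] args) throws InterruptedException {
        CleanShutdownWorker worker = new CleanShutdownWorker();
        Thread t = new Thread(worker, "worker");
        t.start();
        Thread.sleep(350);      // let it do some work (assumed duration)
        t.interrupt();          // polite stop request, not t.stop()
        t.join(1000);           // wait a bounded time for the clean exit
        System.out.println("alive=" + t.isAlive() + " iterations=" + worker.getIterations());
    }
}
```

The join() before reading getIterations() gives the happens-before edge needed to read the counter safely; if the worker held a file or socket, the finally block is where it would be closed, on both the normal and the interrupted path.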