
Java Forum / Security / October 2007


some security issues...

kester83@singnet.com.sg - 16 Oct 2007 09:32 GMT
hi

problem1:
below is a java file that i have and after applying a security check
on the return reference,
i have this security risk involved: "The method returns the reference
Object type directly."
the suggested solution was to "Return a copy of the reference Object."
Can anyone help me to see what i can do to remove this security risk?

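public class InventoryList {
    // The fields count, head and tail and the node type are not shown in the post.
    public static InventoryList merge(InventoryList a, InventoryList b) {
        if (a == null) {
            return b;   // hands back the caller's own object
        }
        else if (b == null) {
            return a;   // hands back the caller's own object
        }
        else {
            InventoryList c = new InventoryList();
            c.count = a.count + b.count;
            c.head = a.head;           // c shares a's nodes
            c.tail = b.tail;           // c shares b's nodes
            a.tail.next = b.head;      // also modifies a's chain
            return c;
        }
    }
}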

problem 2:
i've been told to do work on the security check for "buffers
overflow". the only example i was given is below

int data[] = new int[10];   // valid indexes are 0..9
data[10] = 100;             // out of range: throws ArrayIndexOutOfBoundsException at run time

can anyone explain to me how this checking of buffers overflow works
and perhaps an example of how it can be solved?

will really appreciate any help i can get :)
Gordon Beaton - 16 Oct 2007 17:18 GMT
> will really appreciate any help i can get :)

I'm sure some of this must have been covered in class, or in your
course text.

/gordon

--
kester83@singnet.com.sg - 16 Oct 2007 17:37 GMT
hi,
it's not...
the course just teaches the language...
Gordon Beaton - 16 Oct 2007 17:37 GMT
> hi,
> it's not...
> the course just teaches the language...

For the first problem, a solution was already suggested. What don't
you understand about it? Why are the various alternatives handled
differently?

For the second problem, how many elements does an array hold, and how
are they numbered? This is certainly "the language".

/gordon

--
kester83@singnet.com.sg - 17 Oct 2007 02:56 GMT
> > hi,
> > it's not...
[quoted text clipped - 10 lines]
>
> --

i would like to clarify that the course only teaches you how to use
the eclipse software. it gives very little basic knowledge. most of
the basics are self-taught which is why a single line solution is of
little help to me. i've tried to modify the code but still i got the
same security risk. what does returning a copy of the reference mean?
how do i make a copy?

as for the second question, i was tasked to come up with a sample source
to illustrate the problem. but when i tried code that is similar (and
even used the exact code) i didn't get the security risk i expected and
thus the "don't understand". anyway i solved the 2nd question.

thanks for taking your time to read although it is such a mundane
question. but i just needed help. that's why i'm here. thanks.
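
One way to "return a copy of the reference Object" in merge(), as an added example that is not code from any poster in this thread: every branch builds a new list with its own nodes, so the caller never receives a or b and their chains are never relinked. The Node class, the String item field, add(), size() and copyOf() are assumed names, since the post does not show the rest of the class; returning an empty list when both arguments are null is also an assumption.

```java
// Added example. Node, item, add(), size() and copyOf() are assumed names.
public class InventoryList {
    private static final class Node {
        final String item;   // String is immutable; mutable items would need copying too
        Node next;
        Node(String item) { this.item = item; }
    }

    private Node head, tail;
    private int count;

    public void add(String item) {
        Node n = new Node(item);
        if (head == null) { head = n; } else { tail.next = n; }
        tail = n;
        count++;
    }

    public int size() { return count; }

    // Builds a fresh list with its own nodes; a null source gives an empty list.
    private static InventoryList copyOf(InventoryList src) {
        InventoryList c = new InventoryList();
        if (src != null) {
            for (Node n = src.head; n != null; n = n.next) c.add(n.item);
        }
        return c;
    }

    // Never returns a or b themselves and never modifies their node chains.
    public static InventoryList merge(InventoryList a, InventoryList b) {
        InventoryList c = copyOf(a);
        if (b != null) {
            for (Node n = b.head; n != null; n = n.next) c.add(n.item);
        }
        return c;
    }

    public static void main(String[] args) {
        InventoryList a = new InventoryList();
        a.add("bolt");                        // constructed sample data
        InventoryList b = new InventoryList();
        b.add("nut");
        InventoryList m = merge(a, null);     // the original code would return a itself here
        m.add("washer");                      // changes only the copy
        System.out.println(a.size() + " " + m.size() + " " + merge(a, b).size());
    }
}
```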

