non-private non-final static variables and mutable static variables open
potential security holes in Xalan
----------------------------------------------------------------------------------------------------------
Key: XALANJ-2008
URL: http://nagoya.apache.org/jira/browse/XALANJ-2008
Project: XalanJ2
Type: Bug
Components: Xalan
Versions: CurrentCVS
Environment: Distributed with JDK 1.4+
Reporter: Christine Li
According to Sun's Security Code Guidelines
[http://java.sun.com/security/seccodeguide.html#gcg2], non-final static
variables and mutable static variables can cause unintended interactions within
the system. This problem appears in many classes in the current Xalan code.
This security issue becomes more severe when Xalan is distributed as part of
the JRE 1.4+: it is loaded by the system class loader and stays in the JVM as
long as the JVM is alive, and malicious code can change the behavior of a
processor by modifying those static variables.
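The pattern the report describes, shown next to a hardened form. This is an added example, not code from Xalan or from the reporter; the class and field names (StaticStateDemo, WeakConfig, HardenedConfig and their members) are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

public class StaticStateDemo {

    // Weak pattern: any class in the same JVM can reassign or mutate these.
    static class WeakConfig {
        public static String defaultEncoding = "UTF-8";          // non-final: reassignable
        public static final String[] ALLOWED = {"xml", "html"};  // final reference, mutable contents
        public static final Map<String, String> ENTITIES = new HashMap<>();
    }

    // Hardened pattern: private, final, and unmodifiable or defensively copied.
    static final class HardenedConfig {
        private static final String DEFAULT_ENCODING = "UTF-8";
        private static final String[] ALLOWED = {"xml", "html"};
        private static final Map<String, String> ENTITIES;
        static {
            Map<String, String> m = new HashMap<>();
            m.put("lt", "<");
            ENTITIES = Collections.unmodifiableMap(m);
        }
        private HardenedConfig() {}
        static String defaultEncoding() { return DEFAULT_ENCODING; }
        static String[] allowed() { return ALLOWED.clone(); }    // caller gets a copy
        static Map<String, String> entities() { return ENTITIES; }
    }

    public static void main(String[] args) {
        // Unrelated code sharing the class loader alters behavior for every caller.
        WeakConfig.defaultEncoding = "US-ASCII";
        WeakConfig.ALLOWED[0] = "text";
        WeakConfig.ENTITIES.put("lt", "&");
        System.out.println(WeakConfig.defaultEncoding + " "
                + Arrays.toString(WeakConfig.ALLOWED) + " " + WeakConfig.ENTITIES);

        // The same attempts against the hardened class change nothing.
        HardenedConfig.allowed()[0] = "text";                    // only the copy is modified
        try {
            HardenedConfig.entities().put("lt", "&");
        } catch (UnsupportedOperationException e) {
            System.out.println("shared map is read-only");
        }
        System.out.println(HardenedConfig.defaultEncoding() + " "
                + Arrays.toString(HardenedConfig.allowed()) + " " + HardenedConfig.entities());
    }
}
```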