can anyone explain his point? | Sololearn: Learn to code for FREE!
New course! Every coder should learn Generative AI!
Try a free lesson
+ 3

can anyone explain his point?

How does Java string being immutable increase security? A very common practice in writing class libraries is storing the parameters passed into your API, say, in a constructor, like this: public class MyApi { final String myUrl; public MyApi(String urlString) { // Verify that urlString points to an approved server if (!checkApprovedUrl(urlString)) throw new IllegalArgumentException(); myUrl = urlString; } } Were String mutable, this would lead to a subtle exploit: an attacker would pass a good URL, wait for a few microseconds, and then set the URL to point to an attack site. Since storing without copying is a reasonably common practice, and because strings are among the most commonly used data types, leaving strings mutable would open up many APIs that are not written yet open to a serious security problem. Making strings immutable closes this particular security hole for all APIs, including the ones that are not written yet.

java
11th Jun 2017, 5:23 AM
Somnath Ghosh
Somnath Ghosh - avatar
1 Answer
0
Imagine as if it was a library performing security checks called in a multithreaded environment where you could time your change (the inner state) of urlString after the check has been performed. With Strings that's not possible because of immutability.
19th Jun 2017, 8:13 PM
Kürti Szabolcs
Kürti Szabolcs - avatar

Often have questions like this?

Learn more efficiently, for free:

See all courses
Hot today
Please help, have been getting error message since past 3 days now. can't pass this level even when the answer is right.
1 Votes
How to access caller class attribute
0 Votes
Media on HTML
0 Votes
How do people have HTML course but i dont
1 Votes
Code Playground
0 Votes
Is Sololearn better or Mimo.org?
1 Votes
xampp
0 Votes
Editor HTML
0 Votes
How to solve this
1 Votes
Java project
0 Votes