Fix Security Issue (spring-guides#26)
The short is that if somehow there were a malicious class on the classpath, having the field be public and static would allow any class to change it. It would be better if the tutorial didn't use this. I don't actually think the constant needs to be public.

>>>
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
>>>
xenoterracide authored and gregturn committed Jul 6, 2016
1 parent a74a297 commit 7a14c28
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion complete/src/main/java/hello/FileUploadController.java
Expand Up @@ -29,7 +29,7 @@ public class FileUploadController {

private static final Logger log = LoggerFactory.getLogger(FileUploadController.class);

public static String ROOT = "upload-dir";
public static final String ROOT = "upload-dir";

private final ResourceLoader resourceLoader;
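
Review bot: the `ROOT` declaration is still `public` after this change, although the commit message itself says the constant probably does not need to be. Adding `final` stops other classes from reassigning the upload directory, which addresses the stated risk, but the visibility could be narrowed in the same commit: `private static final String ROOT = "upload-dir";` if only `FileUploadController` reads it, or package-private if another class in `hello` references it. Worth checking the rest of the tutorial for uses of `FileUploadController.ROOT` before narrowing, since this hunk does not show them.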
