I’m having trouble understanding why java secure coding is important. For example, why is it important to declare variables private? I mean I get that it will make it impossible to access those variables from outside the class, but I could simply decompile the class to get the value.
Similarly, defining a class as final will make it impossible to subclass this class. When would subclassing a class be dangerous for security? Again if necessary, I could decompile the original class and reimplement it with whatever malicious code I could want.
Does the problem come when applications are “trusted” by the user? And people could then abuse this trust somehow?
Basically what I’m looking for is a good example as to why secure coding guidelines should be followed.
I’m having trouble understanding why java secure coding is important. For example, why is
Share
Programming is hard.
If you define strict APIs, that don’t expose variables that are not supposed to be exposed (we like to call this encapsulation), you help users of your APIs, and thus make programming easier. This is considered a good thing.
The reasons are not primarily “security”, as in keeping secret things secret, as much as clarity, simplicity, and understandability.
As a bonus, it’s far easier to make things work correctly if you can know that the user of the API is not changing “your” variables behind your back, of course.