Tag: security

How exactly can someone without source code access exploit a non-final class that has a constructor which invokes overridable functions?

I’m trying to understand how exactly can someone that doesn’t already have access to the source code exploit a non-final class that has a constructor which invokes overridable functions (functions not marked final). This question comes from the fact that after scanning my source code with a Source Code Analyzer (Fortify), it showed a few findings about “Code Correctness: Constructor

Search in List of X509CRL’s

I have a list of X509 CRL’s. I need to identify some of them somehow. Right now I do it using issuer: But there’s gotta be a better way to do that using knowledge of CRL file format, maybe with comparing public keys or something like that, but I don’t know much about X509CRL’s. Can someone help me out?

SecurityFilterChain Bean doesn’t protect app

I am in the middle of the process of migrating my Spring Security Configuration from WebSecurityConfigurerAdapter (deprecated) to configuration with beans. My config class now looks like I understand that this configuration doesn’t make any behavior settings, but shouldn’t it return a SecurityFilterChain bean that will act like the default SecurityFilterChain (as if no configuration was specified)? When I start my

Best practice for storing TOKEN/password in Java

I’m working on a Java application that interacts with a REST API. To communicate with this API, I must use TOKEN, all these TOKEN are sensitive data and I cannot write in my code. So I’m looking for a way like a configuration file to store the TOKEN and access it. Currently, I made an XML file with all my

CWE 73 External Control of file name or Path

I am working to fix Veracode vulnerability CWE-73 ( for my application in which the input filename is dynamically sent by our other application it starts with static names like abc, xyz but full file name usually like abc_1234567.txt. Snippet of existing app code: call methodA(inputdirectory, inputfile, X, Y) -> veracode is reporting for inputfile in this case I have

About Dell server’s virtual terminal

(I don’t have the ssh password T_T) When I try to start the virtual terminal from the Dell server panel, the server gives me a file: ”viewer.jnlp…”. I run this file with javaws.exe and it gives some error: Unsigned applications requesting unrestricted access to the system The following resources have been signed using the weak signature algorithm MD5withRSA and are considered unsigned. How I solve