Skip to main content

Secure Code guidelines

This is just a reminder that an excellent Java security resource is available here:

The CERT Oracle Secure Coding Standard for Java


Here is an example:

TPS03-J. Ensure that tasks executing in a thread pool do not fail silently

On a recent project I was asked to look at, I could not work out why exceptions were being ignored. I eventually found the above link via a web search. I found it interesting and it was the solution to the problem.


Popular posts from this blog

Overcome Java JNI gdb errors on GNU/Linux

If you happen to try to debug any Java JNI programs using gdb on GNU/Linux you will soon come across error messages. For example : $ gdb --args java MyJavaProgramUsingJNI cannot find user-level thread for LWP nnn: generic error warning: Cannot initialize thread debugging library: versions of libpthread and libthread_db do not match The reason for this is that the java program mucks around with LD_LIBRARY_PATH and that prevents gdb from running correctly. To overcome this, you have to run your Java program and place a pause in the Java code, such as reading a key, and then in another shell, run gdb to attach to the running Java process. You can then set your breakpoint on your JNI code and debug it. Here is an example : Compile your Java program: $ javac JNITest.java Generate the JNI header file: $ javah -jni JNITest.java Create and compile your C code library: $ cat jnilib.c #include "JNITest.h" JNIEXPORT jint JNICALL Java_JNITest_addValues( JNIEnv...