Bug 53694 - Override security check
Summary: Override security check
Status: NEW
Alias: None
Product: Batik - Now in Jira
Classification: Unclassified
Component: Utilities
Version: 1.8
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Batik Developer's Mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-11 00:06 UTC by clouds
Modified: 2012-08-12 21:47 UTC

Description clouds 2012-08-11 00:06:53 UTC
ApplicationSecurityEnforcer.java, line 202, has a method (and other methods in the file) which performs security checks.  However, they are not final.  As a result, the security checks can be overridden in ways that bypass security checks.
Comment 1 Helder Magalhães 2012-08-12 21:47:46 UTC
(In reply to comment #0)
> ApplicationSecurityEnforcer.java, line 202, has a method (and other methods
> in the file) which performs security checks.  However, they are not final.

Would simply marking the methods with final fix this? Did you perform any kind of analysis to check if there are other methods - in other source files - involved?

Patches are welcome, as usual! ;-)
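
The following is an added example, not part of the original report and not Batik code. It shows the general Java behaviour the report describes (a non-final check method replaced by a subclass) next to a form with final methods, plus a reflection audit of the kind comment 1 asks about. All class and method names here (`OpenEnforcer`, `PermissiveEnforcer`, `HardenedEnforcer`, `checkAccess`, `load`, `overridable`) are hypothetical.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Set;
import java.util.TreeSet;

public class OverridableCheckAudit {
    static void requireAllowed(String resource) {
        if (!resource.startsWith("allowed/")) throw new SecurityException("denied: " + resource);
    }

    // Hypothetical enforcer: the check and the method that calls it are both overridable.
    static class OpenEnforcer {
        protected void checkAccess(String resource) { requireAllowed(resource); }
        public String load(String resource) {
            checkAccess(resource);
            return "loaded " + resource;
        }
    }

    // A subclass replaces the check with a no-op, so load() admits any resource.
    static class PermissiveEnforcer extends OpenEnforcer {
        @Override protected void checkAccess(String resource) { }
    }

    // Form with final methods: neither the check nor its caller can be overridden.
    static class HardenedEnforcer {
        protected final void checkAccess(String resource) { requireAllowed(resource); }
        public final String load(String resource) {
            checkAccess(resource);
            return "loaded " + resource;
        }
    }

    // Names of methods declared by cls that a subclass could still override.
    static Set<String> overridable(Class<?> cls) {
        Set<String> names = new TreeSet<>();
        if (Modifier.isFinal(cls.getModifiers())) return names; // final class: nothing to override
        for (Method m : cls.getDeclaredMethods()) {
            int mod = m.getModifiers();
            if (!Modifier.isFinal(mod) && !Modifier.isPrivate(mod)
                    && !Modifier.isStatic(mod) && !m.isSynthetic()) names.add(m.getName());
        }
        return names;
    }

    public static void main(String[] args) {
        System.out.println(new PermissiveEnforcer().load("secret/key")); // constructed sample path
        System.out.println("OpenEnforcer: " + overridable(OpenEnforcer.class));
        System.out.println("HardenedEnforcer: " + overridable(HardenedEnforcer.class));
    }
}
```

The audit flags `load` as well as `checkAccess` on the open class: a final check does not help if the method that is supposed to call it can itself be overridden to skip the call.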