Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Avoiding a Security Flaw in Your Java App [Code Snippet]

DZone's Guide to

Avoiding a Security Flaw in Your Java App [Code Snippet]

Learn how to prevent malicious users from accessing a security hole that can be created when designing a child window exit in your app.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Suppose you designed an app where the child window exits. Your user may close the child window by clicking the close button. You may, however, disable the window as read-only with setReadOnly to true as setReadOnly(true). You may also make it invisible with CSS display:none, but doing so means you have just created a security hole with the CSS key. This is because a malicious user can access the button and close the window. The best pratice is to set the window to read-only, which also prevents closing on the server side.

Here is an example of the use of a child window in an application using a custom component with open and close button:

class WindowHole extends CustomComponent implements Window.CloseListener {
    Window mainwindow;
    Window mywindow;
    Button openbutton;
    Button closebutton;
    Label explanation;
    public WindowHole(String label, Window main) {
        mainwindow = main;
        final VerticalLayout layout = new VerticalLayout();
        openbutton = new Button("Open Window", this,"openButtonClick");
        explanation = new Label("Explanation");
        layout.addComponent(openbutton);
        layout.addComponent(explanation);
        setCompositionRoot(layout);
    }
    public void openButtonClick(Button.ClickEvent event) {
        mywindow = new Window("My Dialog");
        mywindow.setPositionX(200);
        mywindow.setPositionY(100);
        mainwindow.addWindow(mywindow);
        mywindow.addListener(this);
        mywindow.addComponent(new Label("A text label in the window."));
        closebutton = new Button("Close", this, "closeButtonClick");
        mywindow.addComponent(closebutton);
        openbutton.setEnabled(false);
        explanation.setValue("Window opened");
    }
    public void closeButtonClick(Button.ClickEvent event) {
        mainwindow.removeWindow(mywindow);
        openbutton.setEnabled(true);
        explanation.setValue("Closed with button");
    }
    public void windowClose(CloseEvent e) {
        openbutton.setEnabled(true);
        explanation.setValue("Closed with window controls");
    }
}


This example shows how we can inherit the CustomComponent class which consists of a button for the window opening and a label to show the attributes of the window.

Now you can see the window is open but the button is disabled. When the window is closed the button is enabled.

I hope this helps!

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
java app ,security ,prevention

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}