/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Avoiding a Security Flaw in Your Java App [Code Snippet]

DZone 's Guide to

Avoiding a Security Flaw in Your Java App [Code Snippet]

Learn how to prevent malicious users from accessing a security hole that can be created when designing a child window exit in your app.

by
·
Dec. 28, 16 · Security Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Suppose you designed an app where the child window exits. Your user may close the child window by clicking the close button. You may, however, disable the window as read-only with setReadOnly to true as setReadOnly(true). You may also make it invisible with CSS display:none, but doing so means you have just created a security hole with the CSS key. This is because a malicious user can access the button and close the window. The best pratice is to set the window to read-only, which also prevents closing on the server side.

Here is an example of the use of a child window in an application using a custom component with open and close button:

class WindowHole extends CustomComponent implements Window.CloseListener {
    Window mainwindow;
    Window mywindow;
    Button openbutton;
    Button closebutton;
    Label explanation;
    public WindowHole(String label, Window main) {
        mainwindow = main;
        final VerticalLayout layout = new VerticalLayout();
        openbutton = new Button("Open Window", this,"openButtonClick");
        explanation = new Label("Explanation");
        layout.addComponent(openbutton);
        layout.addComponent(explanation);
        setCompositionRoot(layout);
    }
    public void openButtonClick(Button.ClickEvent event) {
        mywindow = new Window("My Dialog");
        mywindow.setPositionX(200);
        mywindow.setPositionY(100);
        mainwindow.addWindow(mywindow);
        mywindow.addListener(this);
        mywindow.addComponent(new Label("A text label in the window."));
        closebutton = new Button("Close", this, "closeButtonClick");
        mywindow.addComponent(closebutton);
        openbutton.setEnabled(false);
        explanation.setValue("Window opened");
    }
    public void closeButtonClick(Button.ClickEvent event) {
        mainwindow.removeWindow(mywindow);
        openbutton.setEnabled(true);
        explanation.setValue("Closed with button");
    }
    public void windowClose(CloseEvent e) {
        openbutton.setEnabled(true);
        explanation.setValue("Closed with window controls");
    }
}


This example shows how we can inherit the CustomComponent class which consists of a button for the window opening and a label to show the attributes of the window.

Now you can see the window is open but the button is disabled. When the window is closed the button is enabled.

I hope this helps!

Like This Article? Read More From DZone

Preparing For The Future With Identity and Access Management
How nearForm Approaches SQL Injection Prevention
Understanding Cryptojacking: Why it Matters and How to Defend Against It

Free DZone Refcard

Variant Analysis
DOWNLOAD
Topics:
java app ,security ,prevention

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone