Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Avoiding a Security Flaw in Your Java App [Code Snippet]

DZone's Guide to

Avoiding a Security Flaw in Your Java App [Code Snippet]

Learn how to prevent malicious users from accessing a security hole that can be created when designing a child window exit in your app.

· Security Zone
Free Resource

Discover how to protect your applications from known and unknown vulnerabilities.

Suppose you designed an app where the child window exits. Your user may close the child window by clicking the close button. You may, however, disable the window as read-only with setReadOnly to true as setReadOnly(true). You may also make it invisible with CSS display:none, but doing so means you have just created a security hole with the CSS key. This is because a malicious user can access the button and close the window. The best pratice is to set the window to read-only, which also prevents closing on the server side.

Here is an example of the use of a child window in an application using a custom component with open and close button:

class WindowHole extends CustomComponent implements Window.CloseListener {
    Window mainwindow;
    Window mywindow;
    Button openbutton;
    Button closebutton;
    Label explanation;
    public WindowHole(String label, Window main) {
        mainwindow = main;
        final VerticalLayout layout = new VerticalLayout();
        openbutton = new Button("Open Window", this,"openButtonClick");
        explanation = new Label("Explanation");
        layout.addComponent(openbutton);
        layout.addComponent(explanation);
        setCompositionRoot(layout);
    }
    public void openButtonClick(Button.ClickEvent event) {
        mywindow = new Window("My Dialog");
        mywindow.setPositionX(200);
        mywindow.setPositionY(100);
        mainwindow.addWindow(mywindow);
        mywindow.addListener(this);
        mywindow.addComponent(new Label("A text label in the window."));
        closebutton = new Button("Close", this, "closeButtonClick");
        mywindow.addComponent(closebutton);
        openbutton.setEnabled(false);
        explanation.setValue("Window opened");
    }
    public void closeButtonClick(Button.ClickEvent event) {
        mainwindow.removeWindow(mywindow);
        openbutton.setEnabled(true);
        explanation.setValue("Closed with button");
    }
    public void windowClose(CloseEvent e) {
        openbutton.setEnabled(true);
        explanation.setValue("Closed with window controls");
    }
}


This example shows how we can inherit the CustomComponent class which consists of a button for the window opening and a label to show the attributes of the window.

Now you can see the window is open but the button is disabled. When the window is closed the button is enabled.

I hope this helps!

Find out how Waratek’s award-winning virtualization platform can improve your web application security, development and operations without false positives, code changes or slowing your application.

Topics:
java app ,security ,prevention

Published at DZone with permission of Amuda Adeolu. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}