Talk:CSC/ECE 517 Fall 2009/wiki1a 10 wolf27-Manhattan
Programs are not allowed to access arbitrary memory locations.
For example, casting between an
int and an Object is strictly illegal in Java.
Variables may not be used before they are initialized.
If a program were able to read the value of an uninitialized variable, the effect would be the same as if
it were able to read random memory locations. A Java class wishing to exploit this defect might then
declare a huge uninitialized section of variables in an attempt to snoop the memory contents of the
user's machine. To prevent this type of attack, all local variables in Java must be initialized before
they are used, and all instance variables in Java are automatically initialized to a default value.
Objects cannot be arbitrarily cast into other objects.
Consider the below example.
public class CreditCard {
private String acctNo;
}
public class CreditCardSnoop {
public String acctNo;
}
Then the following code will not be allowed execute:
CreditCard cc = Wallet.getCreditCard( );
CreditCardSnoop snoop = (CreditCardSnoop) cc;
System.out.println("Ha! Your account number is " + snoop.acctNo);
Java does not allow arbitrary casting between objects; an object can only be cast to one of its
superclasses or its subclasses.
To satisfy the compiler code can be changed as follows:
Object cc = Wallet.getCreditCard( );
CreditCardSnoop snoop = (CreditCardSnoop) cc;
In this case, the virtual machine will throw a ClassCastException when the snoop variable is assigned to thwart the attack.