Kingdom: Encapsulation
Encapsulation is about drawing strong boundaries. In a web browser that might mean ensuring that your mobile code cannot be abused by other mobile code. On the server it might mean differentiation between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.
Poor Style: Non-final Public Static Field
Abstract
Non-final public static fields can be changed by external classes.
Explanation
Typically, you do not want to give external classes direct access to your object's member fields, since a public field can be changed by any external class. Good object-oriented design uses encapsulation to prevent implementation details, such as member fields, from being exposed to other classes. Further, if the system assumes that this field cannot be changed, then malicious code might be able to adversely change the behavior of the system.
Example 1: In the following code, the field ERROR_CODE is declared as public and static, but not final:

public class MyClass
{
    public static int ERROR_CODE = 100;
    //...
}

In this case, malicious code might be able to change this error code and cause the program to behave in an unexpected manner.
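
The following added example (not part of the original page) puts the declaration from Example 1 beside a final version and shows how a write from another class changes the result of a check that relies on the field. Every name other than ERROR_CODE is hypothetical, and OtherCode is a constructed stand-in for unrelated code running in the same JVM.

```java
// Added example: every name except ERROR_CODE is hypothetical.
public class EncapsulationDemo {

    // Before: same declaration style as MyClass in Example 1.
    static class BeforeFix {
        public static int ERROR_CODE = 100;   // writable by any class that can see it

        static boolean isError(int status) {
            return status == ERROR_CODE;
        }
    }

    // After: final makes the field a constant that cannot be reassigned.
    static class AfterFix {
        public static final int ERROR_CODE = 100;

        static boolean isError(int status) {
            return status == ERROR_CODE;
        }
    }

    // Constructed stand-in for unrelated code loaded into the same JVM.
    static class OtherCode {
        static void run() {
            BeforeFix.ERROR_CODE = 0;     // compiles: nothing protects the field
            // AfterFix.ERROR_CODE = 0;   // rejected by the compiler: the field is final
        }
    }

    public static void main(String[] args) {
        System.out.println("before write: BeforeFix.isError(100) = " + BeforeFix.isError(100));

        OtherCode.run();

        // The original code 100 is no longer recognised as an error, while 0 now is.
        System.out.println("after write:  BeforeFix.isError(100) = " + BeforeFix.isError(100));
        System.out.println("after write:  BeforeFix.isError(0)   = " + BeforeFix.isError(0));

        // The final field is unaffected, so the check behaves as designed.
        System.out.println("after write:  AfterFix.isError(100)  = " + AfterFix.isError(100));
    }
}
```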
References
desc.structural.java.poor_style_non-final_public_static_field