Difference between revisions of "EJB Bad Practices: Use of AWT/Swing"

Revision as of 14:43, 19 July 2006

This article includes content generously donated to OWASP by

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Abstract

The program violates the Enterprise JavaBeans specification by using AWT/Swing.

Description

The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container [1].

In this case, the program violates the following EJB guideline:

 "An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard."

A requirement that the specification justifies in the following way:

 "Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system."

Revision as of 18:33, 18 July 2006 (view source) Weilin Zhong (talk \| contribs) ← Older edit		Revision as of 14:43, 19 July 2006 (view source) Weilin Zhong (talk \| contribs) Newer edit →
Line 1:		Line 1:
	{{Template:Fortify}}		{{Template:Fortify}}
−
	{{Template:Vulnerability}}		{{Template:Vulnerability}}

Difference between revisions of "EJB Bad Practices: Use of AWT/Swing"

Revision as of 14:43, 19 July 2006

Abstract

Description

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

References

Categories

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools