
EJB Bad Practices: Use of



#REDIRECT Failure to follow guideline/specification

Last revision (mm/dd/yy): 05/27/2009


The program violates the Enterprise JavaBeans specification by using the package.

The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container [10].

In this case, the program violates the following EJB guideline:

 "An enterprise bean must not use the package to attempt to access files and directories in the file system."

The specification justifies this requirement as follows:

 "The file system APIs are not well-suited for business components to access data. Business components should use a resource manager API, such as JDBC, to store data."
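
The guideline above, shown as an added example (not code from the original page or from the EJB specification): a hypothetical stateless session bean with one method that writes to the file system beside one that stores the same data through JDBC. It assumes the file-system package the quoted guideline refers to is `java.io`; the bean name, the JNDI name `jdbc/AuditDS`, the file path and the table are made up for illustration.

```java
import java.io.FileWriter;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.annotation.Resource;
import javax.ejb.EJBException;
import javax.ejb.Stateless;
import javax.sql.DataSource;

// Hypothetical bean for illustration; all names below are assumptions.
@Stateless
public class AuditNoteBean {

    // Resource manager connection factory supplied by the container,
    // which owns pooling, credentials and transaction enlistment.
    @Resource(name = "jdbc/AuditDS")
    private DataSource dataSource;

    // NONCOMPLIANT: the bean reaches into the file system directly.
    // The path exists only on whichever host runs this bean instance,
    // and the write takes no part in the container-managed transaction,
    // so behaviour differs from one container or node to the next.
    public void saveNoteToFile(String user, String note) {
        try (FileWriter out = new FileWriter("/var/data/audit-notes.txt", true)) {
            out.write(user + "\t" + note + "\n");
        } catch (IOException e) {
            throw new EJBException(e);
        }
    }

    // COMPLIANT: the same data stored through a resource manager API (JDBC).
    // Bound parameters keep user-supplied text out of the SQL statement.
    public void saveNote(String user, String note) {
        String sql = "INSERT INTO audit_note (username, note) VALUES (?, ?)";
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, note);
            ps.executeUpdate();
        } catch (SQLException e) {
            // Wrapping in EJBException makes the container roll back the transaction.
            throw new EJBException(e);
        }
    }
}
```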

Risk Factors




Related Attacks

Related Vulnerabilities

Related Controls

Related Technical Impacts