Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
Extended Description
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
ThreatScore
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
Observed Examples (CVEs)
No observed examples available.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase: Implementation (Note: N/A)
Common Consequences
Impact: Read Application Data — Notes: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.
Impact: Modify Application Data — Notes: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.
Potential Mitigations
Architecture and Design: Data should be private static and final whenever possible. This will assure that your code is protected by instantiating early, preventing access and tampering. (N/A)
Applicable Platforms
Java (N/A, Undetermined)
Demonstrative Examples
Intro: The following example demonstrates the weakness.
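    package math;

    public class Lebesgue implements Integration {
        // The parameter type is not given in the original; String is assumed here.
        public static final String youAreHidingThisFunction(String functionToIntegrate) {
            return ...; // body elided in the original
        }
    }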
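The following is an added example, not part of the original entry, contrasting a package-private field with the private static final form recommended under Potential Mitigations. The class names RateTable, Outsider and PackageScopeDemo and the sample values are hypothetical; all three classes share one file so the example compiles on its own, with Outsider standing in for code shipped in a separate JAR.

```java
// File: math/PackageScopeDemo.java (constructed example)
package math;

// Library class that relies on default (package-private) scope to hide state.
class RateTable {
    // Weak: package-private and mutable. Any class in package "math" can reach it.
    static double[] rates = {0.01, 0.02};

    // Hardened: private static final, initialised once at class load.
    private static final double BASE_RATE = 0.01;

    static double baseRate() {
        return BASE_RATE;
    }
}

// Stands in for a class from another JAR that simply declares "package math;".
// When both JARs are loaded by the same class loader and the package is not
// sealed, the JVM treats this class as a full member of the package.
class Outsider {
    static double tamper() {
        RateTable.rates[0] = 99.0;      // compiles: sharing the package name is enough
        // RateTable.BASE_RATE = 99.0;  // does not compile: private and final
        return RateTable.rates[0];
    }
}

public class PackageScopeDemo {
    // Defender's check: is the package closed to classes from other code sources?
    static boolean packageIsSealed() {
        return RateTable.class.getPackage().isSealed();
    }

    public static void main(String[] args) {
        System.out.println("package sealed:                     " + packageIsSealed());
        System.out.println("package-private field after tamper: " + Outsider.tamper());
        System.out.println("private static final value:         " + RateTable.baseRate());
    }
}
```

Run from a plain class directory, the package reports as unsealed and the package-private array is overwritten, while BASE_RATE is unchanged. Sealing the package in the JAR manifest (Sealed: true) or placing it in a Java module closes the package to classes from other sources.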