Version 5.0 of the Java Secure Coding Guidelines now available!

A new version of the Java Secure Coding Guidelines is now available at http://www.oracle.com/technetwork/java/seccodeguide-139067.html

This version has many updates, including:

  • Additional information for some of the new Java SE 8 features
  • Several new guidelines and examples
  • A new appendix covering the Java Native Interface
  • A new symbolic naming for sections
  • Several formatting changes

These guidelines contain coding patterns and best practices that are extremely useful for building robust and secure Java applications.

Comments:

I wonder if there is somewhere a changelog, a possibility to diff it (or at least the source for the last version). I would be curious to see what changed in detail.

Posted by Bernd Eckenfels on April 15, 2014 at 06:22 PM EDT #

A detailed diff/changelog is not available, but I will check to see if I can get a more detailed list of changes. You could also try to find a copy of version 4.0 and do a diff yourself.

Posted by Sean Mullan on April 16, 2014 at 08:55 AM EDT #

Hello,

Sorry to bother you, but I have a couple of questions and I'd be very grateful if you could help me. I have a project at college to create a XAdES Baseline signature and verify it, so I am using javax.xml.crypto.dsig for it. I've added a couple of elements to XML DSig to create a XAdES signature, but I have some problems.

First, I want to add a namespace prefix to my XAdES elements. But when I do that, verification fails on this reference, so could you tell me what I need to do in the process of generating the signature to produce the correct reference digest value? I've found that someone already had a similar problem, https://www.java.net/node/668669, and you gave your response on this topic too, but the question in the last post remained unanswered and that question bothers me too. Without the prefix everything works well...

Another thing I want to ask you: in my detached signature I need to create a reference to the detached file with a URI that has a relative path, i.e. the URI would only have the name of the file. How can I do that? And how can I validate that reference?

Thanks in advance,
Ivan Celija

Posted by Ivan Celija on May 20, 2014 at 04:29 PM EDT #
