This question already has answers here:
How does Java strings being immutable increase security?
(3 answers)
Closed 8 years ago.
Im trying to understand how String immutability increases the security. I had searched and found many cases but it does not give real practical example.
Here is one such example -
boolean connect(string s){
if (!isSecure(s)) {
throw new SecurityException();
}
//here will cause problem, if s is changed before this by using other references.
causeProblem(s);
}
In the above case the connect method could be called with any valid String
For ex:- connect("DB2") or connect("ORACLE") and the method will be executed accordingly.
Can someone elaborate more on this how the security is enhanced?
Excuse if its more basic question.
There are also caveats in the opposite direction, for example some API avoid using String for passwords and prefer char[] (which can be erased in memory immediately after use, whereas a String may stick around for quite a while).
Related
This question already has answers here:
Java optimization : local variable or function call
(5 answers)
Closed 6 years ago.
I have a very basic question. Which if the below 2 is better performance-wise:
if (getSomeValue() != null) {
processSomeValue(getSomeValue());
}
OR
String someValue = getSomeValue();
if (someValue != null) {
processSomeValue(someValue);
}
getSomeValue() is a normal getter which does not do anything else.
A best practice is to always use the 2nd way even you already know that the getSomeValue() is a simple getter. The key thing is that the call might be maintained in the future and changed by someone in the future. Any developer if change the inner code of getSomeValue() may not be aware of the invocation method that you are currently using.
This question already has an answer here:
Can we access or query the Java String intern (constant) pool?
(1 answer)
Closed 8 years ago.
How can we know that how many string object resides in string litral pools.
is there any mechanism or java code available that will give me the number of String object that are curruntly in string pool ???
is there any mechanism or java code available that will give me the
number of String object that are curruntly in string pool ???
No, no such mechanism exists in the JDK.
no there is no mechanism exist but if you want to know more about string pool than
http://www.journaldev.com/797/what-is-java-string-pool
No, there is no direct mechanism to access the String pool, since its privately maintained by the String class. But we can check and see if the pool contains a particular String object using:-
StringObject.intern(); //Returns a canonical representation for the string object.
Although There might be a workaround for this, I have never tried or used this approach, You can go ahead and investigate a little bit.
This is related to using VisualVM to see runtime memory values,
http://java.dzone.com/articles/visualvm-see-whats-your-heap
http://netbeans.dzone.com/vvm-displaying-java-memory-pool-stats
This question already has answers here:
Java Method invocation vs using a variable
(14 answers)
Closed 9 years ago.
In the below scenario, all 3 getXxxxx() methods simple return a property of that class with no additional processing.
Is it more efficient for me to assign them to a temporary variable like I've done with workLimit, or should I just use the getter like I did with getCurrentWork()?
int x = 0;
int workLimit = entity.getCurrentWorkLimit();
JobSet jobSet;
JobSetQueue queue = workflowProcess.getQueue();
while (x < workLimit && (jobSet = queue.poll()) != null) {
getCurrentWork().addLast(jobSet);
}
The VM optimizes access to simple getters itself - but in fact you usually shouldn't care about it. Therefore, I would usually optimize code for readibility / maintainability instead of performance. Performance optimizations should be based on facts, not assumptions.
Assuming getCurrentWork() is just returning a variable itself, then the performance will be the same. I think that having the extra variable sometimes makes the code easier to read/scan especially when you have lots of them. In thise case, I'd probably just use the getter.
You are in essence buying one less stack operation, this is a micro-optimization and as such is almost completely useless, unless you are writing a real-time system.
At the end of the day, profile profile profile
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Java - Array’s length property
String.length() vs Array.length
I'm currently in my AP Computer Science class in high school and I came across this in my reading.
From what I understand, .length() is a method used for strings, but why isn't .length() a method when applied on arrays? I understand that they're different objects, but why didn't Java just make another method for finding the length of arrays?
I appreciate any response I get. Thanks!
Since arrays are fixed length defined at the time they are instantiated length is a public final field on the class. There is no need to make it a method since there is no calculation to be done at run time.
See this section of the Java Spec for details:
http://docs.oracle.com/javase/specs/jls/se7/html/jls-10.html#jls-10.7
Now, as for the design question of why they didn't provide an accessor method to obtain the value isn't specified. Perhaps this was done before any other convention was set and this is just a legacy thing. Only the language designers would know the "why" portion of their decision to do it this way.
Arrays are defined in the Java Language Specification #10.7. In particular:
The members of an array type are all of the following:
The public final field length, which contains the number of components of the array. length may be positive or zero.
[...]
I can't answer why this approach was chosen by the language designers.
Interestingly, it was already the case in the Oak specifications, which is the ancestor of Java.
I doubt that there's a good technical reason for this.
I suspect that this is one of those little inconsistencies that didn't get spotted early enough to get fixed without breaking a ton of code.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Which constructor is chosen when passing null?
I recently came across this curiosity while coding a few days back and can't seem to figure out why the following happens:
Given the class below
public class RandomObject{
public RandomObject(Object o){
System.out.println(1);
}
public RandomObject(String[] s){
System.out.println(2);
}
}
When the call new RandomObject(null); is made the output is always 2 regardless of the order in which the constructors were created. Why does null refer to the string array rather than the object?
The key here is that Object is the super type of String[]
Java uses the most specific available method to resolve such cases. Null can be passed to both methods without compilation errors so Java has to find the most specific method here. The version with String[] is more specific - therefore it will be chosen for execution.
Someone else has had this question earlier, check this post
If there are two cases to choose from, the compiler will first try to pick the more specific case. In this case, String will be picked over Object.
In the other question it was String str instead of String[] s
Thus, since String[] is a more specific datatype than its super type Object, it is picked.