
How to defend an eager singleton against serialization and reflection attacks


// Why define a constructor at all?

Because if you do not define one, the compiler generates a default constructor, and that constructor is public. A public constructor lets any caller create further instances, which violates the singleton pattern's basic requirement.

This eager singleton is thread-safe: the JVM guarantees that class initialization, including the assignment of the static field, is performed exactly once by the class loader (under the class initialization lock), so every thread that calls getInstance receives the same instance.

However, this alone is not enough to protect it against a reflection attack: reflection can override the access control on the private constructor with AccessibleObject.setAccessible(true) and then call it to create a second instance. To handle this case, make the constructor refuse to run once an instance already exists:

 

public class JavaSingleton {
  // Created eagerly during class initialization; the JVM runs this exactly once.
  private static final JavaSingleton INSTANCE = new JavaSingleton();

  private JavaSingleton() {
    // On the first (legitimate) call INSTANCE is still null. Any later call,
    // e.g. through a constructor made accessible with setAccessible(true),
    // hits this guard and fails.
    if (INSTANCE != null) {
      throw new IllegalStateException("Inside JavaSingleton(): JavaSingleton " +
                                      "instance already created.");
    }
    System.out.println("Inside JavaSingleton(): Singleton instance is being created.");
  }

  public static final JavaSingleton getInstance() {
    return INSTANCE;
  }
}
 


This version is still not safe against a serialization attack. If the class implements Serializable, deserialization does not invoke its constructor at all (the object is allocated directly and its fields are filled in from the stream), so the guard above never runs and readObject hands back a brand-new instance. The countermeasure:
declare all instance fields transient, and provide a readResolve method that returns the existing INSTANCE; the object produced by deserialization is then discarded and the singleton is preserved. Both parts matter: readResolve alone is not sufficient, because a crafted stream could use a non-transient reference field to obtain a reference to the freshly deserialized object before readResolve replaces it.

Two caveats a practitioner should keep in mind. The constructor guard only catches a second construction; it does nothing against code that skips constructors entirely (for example sun.misc.Unsafe.allocateInstance). And if you need a singleton that is immune to both attacks by construction rather than by hand-written checks, a single-element enum is the simplest option on the JVM.
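As an added example (not code from the original post): the eager singleton above extended with both defenses, together with a small main that exercises each attack. The class name HardenedSingleton, the transient counter field and the test driver are assumptions of this example; the constructor guard and the readResolve method are the two countermeasures described above.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;

public class HardenedSingleton implements Serializable {
    private static final long serialVersionUID = 1L;

    // Eagerly created; the JVM runs this class initializer exactly once.
    private static final HardenedSingleton INSTANCE = new HardenedSingleton();

    // Every instance field is transient, so the stream carries no state that a
    // crafted stream could use to grab a reference before readResolve runs.
    // (The counter itself is just illustrative state for this example.)
    private transient int counter = 0;

    private HardenedSingleton() {
        // Guard against a second construction via Constructor.setAccessible(true).
        // INSTANCE is still null only during the legitimate first call.
        if (INSTANCE != null) {
            throw new IllegalStateException("instance already created");
        }
    }

    public static HardenedSingleton getInstance() {
        return INSTANCE;
    }

    public int next() {
        return ++counter;
    }

    // Deserialization allocates a fresh object without calling the constructor;
    // returning INSTANCE here makes ObjectInputStream discard that object.
    private Object readResolve() {
        return INSTANCE;
    }

    public static void main(String[] args) throws Exception {
        HardenedSingleton s = HardenedSingleton.getInstance();

        // 1. Reflection attack: open up the private constructor and call it.
        Constructor<HardenedSingleton> ctor = HardenedSingleton.class.getDeclaredConstructor();
        ctor.setAccessible(true);
        try {
            ctor.newInstance();
            System.out.println("reflection: second instance created (defense FAILED)");
        } catch (InvocationTargetException e) {
            // newInstance wraps the IllegalStateException thrown by the guard.
            System.out.println("reflection: blocked by " + e.getCause());
        }

        // 2. Serialization attack: round-trip the singleton through object streams.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(s);
        }
        HardenedSingleton copy;
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            copy = (HardenedSingleton) in.readObject();
        }
        // With readResolve in place this prints true; remove it and it prints false.
        System.out.println("serialization: same instance = " + (copy == s));
    }
}
```

Run it once as written, then delete the readResolve method and run it again: the reflection case is still blocked, but the deserialized copy becomes a distinct object, which is exactly the hole the text describes.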

See:

http://technonstop.com/java-singleton-reflection-and-lazy-initialization
http://www.chiaocheng.com/blog/2009/07/java-singleton/
http://stackoverflow.com/questions/5735797/is-this-singleton-resistant-to-both-serialization-and-reflection-attacks
