MSC08-J. Do not store nonserializable objects as attributes in an HTTP session
This rule is a stub.
Noncompliant Code Example
This noncompliant code example shows an example where ...
Non-compliant code
Compliant Solution
In this compliant solution, ...
Compliant code
Risk Assessment
If nonserializable objects are stored as attributes in an HTTP session then ...
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MSC08-J | Low | Probable | No | No | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Security Reviewer - Static Reviewer | 6.02 | NonSerializableObject | Full Implementation |


