Hi all,
I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user:
public class User implements Serializable
{
protected Date birthDate;
public Date getBirthDate()
{return(birthDate);}
public void setBirthDate(final Date birthDate)
{this.birthDate = birthDate;}
}
This class is incomplete, so don't harp me about it missing the serialVersionUID and other standard stuff, I am just concerned with the birthDate security hole.
Now, according to the findbugs report, since I am returning a reference to a mutable object, that is a potential security risk. In practice though, how much does that really matter?
http://findbugs.sourceforge.net/bugDescriptions.html#EI_EXPOSE_REP
I suppose I still don't really see what the problem is here in this case. Should I pass in a long and set the date from that?
Walter