Does the Java 'final' keyword actually improve security?

Question

While there are many reasons to use the \'final\' keyword in Java, one of the ones I keep hearing over and over again is that it makes your code more secure. While this seem

Answer 1

It doesn't make your code more secure, it is more for thread safety than anything else. If a variable is marked final, a value must be assigned to it when the object is created. After object creation, that variable cannot be made to refer to another value.

This behavior allows you to reason about the state of an object and make certain assumptions when multiple threads are accessing it concurrently.

Answer 2

I imagine what someone would mean when they said that final makes your code more secure is that it prevents future developers from coming along and modifying values that are not meant to be modified, or inheriting from classes which are not designed to be extended (and causing unpredictable results in the process). It doesn't have anything to do (directly) with authentication.

Answer 3

The "final" keyword does indeed have some security implications. Imagine you are designing a secure system which has a service that, given a string, does something if and only if the string is valid. You might write:

public void doSomethingUseful(String argument) {
    checkValidity(argument);
    /* prepare to do something useful... preparation takes a bit of time! */
    reallyDoTheUsefulTask(argument);
}

If String were not final, some clever attacker could subclass String. Their string is not immutable like the stock String class is - and in fact, they can spawn another thread and try to do attacks on your method by changing the argument after checkValidity but before you actually use the argument. Then your "useful task" suddenly does something completely wrong, possibly compromising security. They've just bypassed your checks! Because java.lang.String is final, however, you have good guarantees that when you ask for a String parameter it is, in fact, the standard immutable String. This is a pretty big deal - there was an entire class of kernel-mode attacks based around improper parameter handling with syscalls.

So yes, final can have some security considerations.

Answer 4

Secure against what?

In terms of mobile code (code that can move between systems - applets, midlets, WebStart, RMI/JINI, etc), it is very important. Applied to classes, and to a lesser extent accessible methods, it prevents malicious implementations. Similarly with accessible fields, notable statics. If you are going to write code that may become part of a library, you need to be keenly aware of this.

For typical, say, web or desktop app code, it is far less important. However, its absence on fields makes code more difficult to read and indicates a confused programmer. Such code is unlikely to be secure just because it is badly written.

Answer 5

I am pretty sure final is a design construct in much the same way access modifiers are in a class declarations - it's a way to express and enforce design.

Answer 6

Final also improves performance/memory management.