As I was returning the actual reference of Date object in a getter of a class. But SonarQube didn't accepted it a good practice. And then I found that returning references to internal mutable members of a class can compromise an application's security, both by breaking encapsulation and by providing the opportunity to corrupt the internal state of the class (whether accidentally or maliciously).
Now I'm thinking: Why is java.util.Date mutable in java ?
Asked
Active
Viewed 1,583 times
2
Rob Audenaerde
- 17,859
- 8
- 72
- 114
FaheemFayaz
- 43
- 8
-
8Because of a design oversight 20 years back. – Kayaman Aug 31 '15 at 07:27
-
1And if you use Java 8, there are suitable immutable classes in the `java.time` package. – RealSkeptic Aug 31 '15 at 07:28
-
@TheLostMind It's not a defensive copy of a mutable object. It returns an immutable object. – Peter Lawrey Aug 31 '15 at 07:31
-
@PeterLawrey - Ya, that makes sense. My bad. Thanks :) – TheLostMind Aug 31 '15 at 08:14