Sub-task
Resolution: Obsolete
SECFLOWOTL-30 - s2i Security Review
While dynamic loading of code is possible in some programming languages and frameworks like Java and Android, it is recommended that you avoid this capability, as it increases code complexity and makes your application dependent on an external resource. However, if you have to load any module dynamically, consider the following recommendations:
- Avoid loading modules from shared locations, such as external storage.
- Avoid loading modules through unencrypted networks. Otherwise, files in transit would be at risk of manipulation.
- If you have to load a class from an external location, generate a signature of the class (binary) and check the signature before loading the class to verify that the integrity of the class is maintained.
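
The signature check in the last recommendation could look like the following in Java. This is an added example, not code from s2i or SD Elements; the names `VerifiedClassLoader` and `Plugin`, the `SHA256withRSA` scheme and the throwaway key pair are assumptions made for the demonstration.

```java
import java.io.InputStream;
import java.security.*;

// Added example (hypothetical names): a class is defined only if its bytes
// carry a valid detached signature from a public key pinned in the application.
public class VerifiedClassLoader extends ClassLoader {
    private final PublicKey trustedKey;

    public VerifiedClassLoader(PublicKey trustedKey) { this.trustedKey = trustedKey; }

    // Verify first, define second: unverified bytes never reach defineClass.
    public Class<?> loadVerified(String name, byte[] classBytes, byte[] sig)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(trustedKey);
        verifier.update(classBytes);
        if (!verifier.verify(sig)) {
            throw new SecurityException("signature check failed for " + name);
        }
        return defineClass(name, classBytes, 0, classBytes.length);
    }

    // Stand-in for a dynamically loaded module.
    public static class Plugin { }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the compiled bytes of Plugin, signed with a
        // key pair generated here. In practice only the public key is shipped.
        String name = Plugin.class.getName();
        byte[] bytes;
        try (InputStream in = Plugin.class.getResourceAsStream(name + ".class")) {
            bytes = in.readAllBytes();
        }
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(bytes);
        byte[] sig = signer.sign();
        VerifiedClassLoader loader = new VerifiedClassLoader(kp.getPublic());
        System.out.println("loaded: " + loader.loadVerified(name, bytes, sig).getName());
        bytes[bytes.length - 1] ^= 0x01; // simulate modification in transit
        try {
            loader.loadVerified(name, bytes, sig);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The private signing key belongs in the build or release pipeline, never on the host that loads the module.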
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/development/106-T279/