Wednesday, March 22, 2006

Why Java Does Not Support Uninitialized Local Variables

In Java, a local variable has to be initialized before it can be used. I always thought the reason for imposing this rule was to ensure that variables are never used with junk values if a programmer forgets to initialize them. This would result in runtime bugs. However, while reading "Java Security - Scott Oaks" I realized that there is also a security concern in allowing usage of uninitialized variables. A rogue programmer could create a very large uninitialized variable and then inspect the contents of its memory location. Such an operation could compromise the security of the machine on which the program (applet) is being run.
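The rule in action, as an added example that is not from the original post or from the book: it hands javac a constructed class (`Leak`, a hypothetical name) that reads a local before assigning it and prints the compiler's verdict, then allocates a large array to show that storage the compiler does not check this way arrives zero-filled. It assumes a JDK, since `ToolProvider.getSystemJavaCompiler()` returns null on a runtime that ships without the compiler.

```java
import java.net.URI;
import java.util.Collections;
import javax.tools.*;

public class DefiniteAssignmentDemo {
    // Constructed sample source: a method that reads a local it never assigned.
    static final String SOURCE =
        "public class Leak {\n" +
        "    static int peek() {\n" +
        "        int secret;\n" +
        "        return secret;\n" +
        "    }\n" +
        "}\n";

    /** Compiles SOURCE from memory; returns true only if javac accepts it. */
    static boolean compiles(DiagnosticCollector<JavaFileObject> diags) {
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler();
        if (javac == null) {
            throw new IllegalStateException("no compiler available: run on a JDK");
        }
        JavaFileObject unit = new SimpleJavaFileObject(
                URI.create("string:///Leak.java"), JavaFileObject.Kind.SOURCE) {
            @Override
            public CharSequence getCharContent(boolean ignoreEncodingErrors) {
                return SOURCE;
            }
        };
        return javac.getTask(null, null, diags, null, null,
                Collections.singletonList(unit)).call();
    }

    public static void main(String[] args) {
        DiagnosticCollector<JavaFileObject> diags = new DiagnosticCollector<>();
        System.out.println("accepted by javac: " + compiles(diags));
        for (Diagnostic<? extends JavaFileObject> d : diags.getDiagnostics()) {
            System.out.println(d.getKind() + " at line " + d.getLineNumber()
                    + ": " + d.getMessage(null));
        }

        // Array components are not covered by the definite-assignment check,
        // but the JVM default-initializes them, so a large fresh array holds
        // zeros rather than whatever occupied that memory before.
        byte[] big = new byte[16 * 1024 * 1024];
        int nonZero = 0;
        for (byte b : big) {
            if (b != 0) nonZero++;
        }
        System.out.println("non-zero bytes in a fresh 16 MiB array: " + nonZero);
    }
}
```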
