- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: java-best-practices/avoid-message-digest-field
Language: Java
Severity: Notice
Category: Best Practices
When you designate a MessageDigest
instance as a class member, you enable direct access for multiple threads in your program. It is important to exercise caution when sharing instances among threads without proper synchronization.
Instead of sharing a single MessageDigest
instance, consider generating new instances when necessary and using them locally within the specific context where they are needed. This practice offers two benefits. First, it guarantees that each thread operates on its own instance, thereby minimizing the possibility of interference between threads. Second, it sidesteps the intricacies of managing synchronized access to a shared instance.
public class Foo {
private final MessageDigest sharedMd; // should avoid this
public Foo() throws Exception {
sharedMd = MessageDigest.getInstance("SHA-256");
}
public byte[] bar(byte[] data) {
// Incorrect outcomes could arise from sharing a
// MessageDigest without synchronized access.
sharedMd.reset();
sharedMd.update(data);
return sharedMd.digest();
}
}
public class Foo {
public byte[] bar(byte[] data) throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(data);
return md.digest();
}
}
|
|
For more information, please read the Code Security documentation
Identify code vulnerabilities directly in yourVS Code editor
Identify code vulnerabilities directly inJetBrains products