Description
An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Integrity, Confidentiality: Modify Application Data, Read Application Data
Potential Mitigations
Phase: Implementation
Description:
Make all fields private. Use a getter to read the value of a field. Setters should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided.
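The weakness and the mitigation above, side by side, with a reflection check that lists any non-private fields a form class declares. This is an added example, not code from the original page or from Struts: `ActionForm` here is a local stand-in for `org.apache.struts.action.ActionForm` so the file compiles without the library, and the form classes and `nonPrivateFields` are hypothetical names.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class ActionFormFieldAudit {
    // Stand-in (assumption) for org.apache.struts.action.ActionForm.
    static abstract class ActionForm {}

    // Weak: any class that holds this form can read or overwrite the fields directly.
    static class WeakRegistrationForm extends ActionForm {
        public String email;
        String role; // package-private is still "not declared private"
    }

    // Hardened: fields are private; values are reached only through getters and setters.
    static class RegistrationForm extends ActionForm {
        private String email;
        private String role;
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
        public String getRole() { return role; }
        public void setRole(String role) { this.role = role; }
    }

    // Returns the instance fields declared on the form class that are not private.
    // Static members (constants) are skipped here as a design choice of this example.
    static List<String> nonPrivateFields(Class<? extends ActionForm> form) {
        List<String> found = new ArrayList<>();
        for (Field f : form.getDeclaredFields()) {
            int m = f.getModifiers();
            if (!Modifier.isPrivate(m) && !Modifier.isStatic(m) && !f.isSynthetic()) {
                found.add(form.getSimpleName() + "." + f.getName());
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample classes: the weak form reports its fields, the hardened one reports none.
        System.out.println("weak:     " + nonPrivateFields(WeakRegistrationForm.class));
        System.out.println("hardened: " + nonPrivateFields(RegistrationForm.class));
    }
}
```

A check like `nonPrivateFields` can run in a unit test over every form class in a project so that a newly added non-private field fails the build.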