Saturday, November 28, 2009

Why String has been made immutable in Java?


Why String has been made immutable in Java?

Though, performance is also a reason (assuming you are already aware of the internal String pool maintained for making sure that the same String object is used more than once without having to create/re-claim it those many times), but the main reason why String has been made immutable in Java is 'Security'. Surprised? Let's understand why.


Suppose you need to open a secure file which requires the users to authenticate themselves. Let's say there are two users named 'user1' and 'user2' and they have their own password files 'password1' and 'password2', respectively. Obviously 'user2' should not have access to 'password1' file.


As we know the filenames in Java are specified by using Strings. Even if you create a 'File' object, you pass the name of the file as a String only and that String is maintained inside the File object as one of its members.


Had String been mutable, 'user1' could have logged into using his credentials and then somehow could have managed to change the name of his password filename (a String object) from 'password1' to 'password2' before JVM actually places the native OS system call to open the file. This would have allowed 'user1' to open user2's password file. Understandably it would have resulted into a big security flaw in Java.
I understand there are so many 'could have's here, but you would certainly agree that it would have opened a door to allow developers messing up the security of many resources either intentionally or un-intentionally.

With Strings being immutable, JVM can be sure that the filename instance member of the corresponding File object would keep pointing to same unchanged "filename" String object. The 'filename' instance member being a 'final' in the File class can anyway not be modified to point to any other String object specifying any other file than the intended one (i.e., the one which was used to create the File object).


Liked the article?
Subscribe to this blog for regular updates. Wanna follow it to tell the world that you enjoy GeekExplains? Please find the 'Followers' widget in the rightmost sidebar.



Share/Save/Bookmark


18 comments:

Anonymous said...

you have a nice site.thanks for sharing this site. various kinds of ebooks are available here

http://feboook.blogspot.com

manish said...

Good insight.... quite a different view.Moreover with immutability Thread safety comes free,we need not bother about thread safety for immutable objects.

Ajeet Patel said...

wow...very nice answers..satisfactory and convincing..thnx a lot man

Cagil Seker said...

Good points and I agree with them. There is an excellent discussion on it here: http://stackoverflow.com/questions/3584945/non-technical-benefits-of-having-string-type-immutable

srisar said...

Really nice different view for Strings, thanks expect more from you.

srisar said...

Quite a different view for String, also convincing, thanks and expecting more from you.

Noel Avlas said...

Wow! Didn't look at it that way before!

Great read! :)

Help Each Other Make A Better World said...

Great site. Good information. Like it. Will be back to read more soon.

Kumar Kumaaran said...

Good article. gotta spark for my next post. Thanks. I have few trick’s of String in my site. Do Visit and support guys.

Kumar
http://kumkumaa.blogspot.com/

Bharat Verma said...

Cool ... I had read so many times that strings are immutable but is not aware of the same thanks for sharing gr8 info !

http://linux4genext.blogspot.com

online calculator said...

It's very great post. This is really helpful for me.Thanks for sharing it.

san said...

Explanation of answers each question is excellent, expecting few more topics to cover such as J2EE fundamentals.

shweta said...

Good explanation of topic..looking for more topics.

dev said...

dis z one of the awesome site i hav every visited. thanks a lot for your patience and explanation.

Computer repair stockport said...

You learn something new everyday :) Thanks for the post

Anonymous said...

What's up to all, the contents present at this website are really amazing for people knowledge, well, keep up the good work fellows.
Here is my blog bnc cable

Angela Brooks said...

Hey, I had a great time reading your website. Can I contact you through email?. Please email me back.

Regards,

Angela
angelabrooks741 gmail.com

Daniel Mason said...


I was totally amazed when i saw this website Best Java Online Training first time i thought this is what i am looking for from a long time i am very thankful to you for helping not only me but to all those guys who are new to this IT SECTOR and who wants to make a career ih this sector.