Fnction below is used to read file from a directory on the filesystem. This code runs with read only OS level privilege on this directory. fileName is parameter from user directly passed to this function. public void dummyFunction(String fileName){ FileInputStream fis = new FileInputStream(fileName); // code to read file content only, no write modify or delete } Identify correct answer

technology security

  1. Security is handled at OS level by giving only read level privilege so no need to put an extra check here

  2. Only problem here is that fileName may not be syntactically incorrect so it should be validated before using it in the function

  3. This code can lead to information disclosure attack

  4. Java provides enough security by default for IO operations so this code is not vulnerable.

Show answer
Correct Option: C

Find more quizzes: