java.lang.Object
java.lang.Enum<SecurityLevel>
church.i18n.processing.security.policy.SecurityLevel
All Implemented Interfaces:
SecurityPolicy, Serializable, Comparable<SecurityLevel>, Constable

public enum SecurityLevel extends Enum<SecurityLevel> implements SecurityPolicy
Security levels of information that often occurs in exception handling. In short, it lists the following types of security information:

Levels are ordered from weakest to strongest.

  • Nested Class Summary

    Nested classes/interfaces inherited from class java.lang.Enum

    Enum.EnumDesc<E extends Enum<E>>
  • Enum Constant Summary

    Enum Constants
    Enum Constant          Description
    CONFIDENTIAL           Confidential information is sensitive and should be used only on a limited, need-to-know basis.
    PERSONAL_INFORMATION   Personally identifiable information (PII) is data that can be used to identify an individual directly or indirectly.
    PUBLIC                 Public information is a general message that does not disclose any information about the system.
    RESTRICTED             Restricted information is highly sensitive.
    SYSTEM_EXTERNAL        System external information exposes information about the system that is potentially already known.
    SYSTEM_INTERNAL        System internal information exposes internal state or behavior of the system.
    THIRD_PARTY            Third party information comes from third party libraries, and there is a risk of exposing sensitive or internal information.
  • Method Summary

    Modifier and Type                 Method                              Description
    static @NotNull SecurityLevel[]   parse(@Nullable String... values)   Parse values and return SecurityLevel enum items.
    static SecurityLevel              valueOf(String name)                Returns the enum constant of this class with the specified name.
    static SecurityLevel[]            values()                            Returns an array containing the constants of this enum class, in the order they are declared.

    Methods inherited from class java.lang.Object

    getClass, notify, notifyAll, wait, wait, wait
  • Enum Constant Details

    • PUBLIC

      public static final SecurityLevel PUBLIC
      Public information is a general message that does not disclose any information about the system. It is information that is already publicly known, or that is known in the user's context.

      Examples of public information are the age restriction for registration or the expected format of some input values.

      Disclosure of such information usually should not put a system at risk.

    • SYSTEM_EXTERNAL

      public static final SecurityLevel SYSTEM_EXTERNAL
      System external information exposes information about the system that is potentially already known. A user may learn this information with little or no effort.

      Typically, external system information could be the HTTP methods of a particular endpoint, required endpoint parameters, validation value ranges or their format.

      Disclosure of such information may give an attacker insight into the external system facade and/or its constraints.

    • SYSTEM_INTERNAL

      public static final SecurityLevel SYSTEM_INTERNAL
      System internal information exposes internal state or behavior of the system. This information may put the system at risk.

      Typically, internal information could be a path to a file, a full class name, non-public system settings, used libraries with their versions, or similar information.

      Disclosure of such information may give an attacker deeper insight into the system and may help them precisely target its vulnerabilities.

    • THIRD_PARTY

      public static final SecurityLevel THIRD_PARTY
      Third party information comes from third party libraries, and there is a risk of exposing sensitive or internal information. This level of sensitivity is similar to SYSTEM_INTERNAL, with the difference that the value is taken directly from the third party exception or its message. This information should help to easily identify the cause of a problem.

      Typically, third party information is a vendor error code (e.g. SQLException#getSQLState), or the content of an exception message.

      Disclosure may potentially expose any kind of sensitive information. Full third party exception messages can be particularly dangerous, as you have no control over what the message contains. A future version of the library may change the message, and you may not realize the sensitivity of the exposed content.

    • PERSONAL_INFORMATION

      public static final SecurityLevel PERSONAL_INFORMATION
      Personally identifiable information (PII) is data that can be used to identify an individual directly or indirectly. Examples of such information include (but are not limited to): name, surname, home address, e-mail address, national ID, phone number, date of birth, bank account number, photo, geolocation, biometric information, behavioral data and similar. Such information may be subject to law in a particular country; find out for yourself which information belongs to this category.

      Disclosure or careless handling of such information may negatively affect the business and result in financial or legal impact to the business.

    • CONFIDENTIAL

      public static final SecurityLevel CONFIDENTIAL
      Confidential information is sensitive and should be used only on a limited, need-to-know basis. This information should not be exposed; it should be accessible only through system logs. It should help to investigate the cause of a problem. Access should be audited.

      Typically, sensitive information may include anonymized user data, pricing information, reports, etc.

      Disclosure of such information may negatively affect the business and ultimately your brand.

    • RESTRICTED

      public static final SecurityLevel RESTRICTED
      Restricted information is highly sensitive. This level should be used only on a very limited and strictly need-to-know basis. The level should never be exposed, only logged. Logging may be enabled only during problem investigation, and only if there is no other way to retrieve information about what is happening in the system. Access should be audited.

      Typically, restricted information contains potentially identifiable information, user information or other business secrets.

      Disclosure of such information may result in a significant financial or legal impact on the business.
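The following is an added usage example, not code from the library or its documentation: it uses the weakest-to-strongest declaration order of SecurityLevel (so compareTo() orders the levels) to decide which tagged exception details may leave the system through a given channel. The Channel thresholds, the Detail record and the sample details are assumptions constructed for the example.

```java
import church.i18n.processing.security.policy.SecurityLevel;

import java.util.ArrayList;
import java.util.List;

// Added example, not part of the library: gate diagnostic text per output
// channel using the weakest-to-strongest ordering of SecurityLevel constants.
public final class SecurityLevelGate {

    // Hypothetical output channels and the strongest level each may carry.
    public enum Channel {
        HTTP_RESPONSE(SecurityLevel.SYSTEM_EXTERNAL),   // what an end user may see
        APPLICATION_LOG(SecurityLevel.CONFIDENTIAL),    // audited log, never RESTRICTED
        INVESTIGATION_LOG(SecurityLevel.RESTRICTED);    // enabled only during problem investigation

        final SecurityLevel maxLevel;
        Channel(SecurityLevel maxLevel) { this.maxLevel = maxLevel; }
    }

    // Hypothetical holder: one fragment of diagnostic text tagged with its level.
    public record Detail(SecurityLevel level, String text) { }

    // Constants are declared weakest to strongest, so compareTo() yields the
    // ordering directly; anything stronger than the channel's maximum is
    // replaced by a neutral placeholder instead of being emitted.
    public static List<String> render(Channel channel, List<Detail> details) {
        List<String> out = new ArrayList<>();
        for (Detail d : details) {
            if (d.level().compareTo(channel.maxLevel) <= 0) {
                out.add(d.text());
            } else {
                out.add("[" + d.level().name() + " redacted]");
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: details of a failed order lookup at several levels.
        List<Detail> details = List.of(
            new Detail(SecurityLevel.PUBLIC, "Order id must be a positive number"),
            new Detail(SecurityLevel.SYSTEM_EXTERNAL, "GET /orders/{id} requires parameter id"),
            new Detail(SecurityLevel.SYSTEM_INTERNAL, "com.example.orders.OrderRepository#findById"),
            new Detail(SecurityLevel.THIRD_PARTY, "SQLState 42000 (constructed vendor code)"),
            new Detail(SecurityLevel.PERSONAL_INFORMATION, "customer e-mail: jane@example.com"));
        for (Channel c : Channel.values()) {
            System.out.println(c + " -> " + render(c, details));
        }
    }
}
```

Only the first two details survive HTTP_RESPONSE; the PII detail survives only in the logs, and a RESTRICTED detail would appear nowhere except INVESTIGATION_LOG.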

  • Method Details

    • values

      public static SecurityLevel[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared
    • valueOf

      public static SecurityLevel valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null
    • parse

      public static @NotNull SecurityLevel[] parse(@Nullable String... values)
      Parse values and return SecurityLevel enum items.
      Parameters:
      values - values to parse.
      Returns:
      Array of parsed items in the case