Non-final public static fields can be changed by external classes.
Typically, you do not want to give external classes direct access to your object's member fields, since a public field can be changed by any external class. Good object-oriented design uses encapsulation to prevent implementation details, such as member fields, from being exposed to other classes. Further, if the system assumes that this field cannot be changed, then malicious code might be able to adversely change the behavior of the system.
Example 1: In the following code, the field ERROR_CODE is declared as public and static, but not final:
public class MyClass
{
    public static int ERROR_CODE = 100;
    //...
}
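The effect of Example 1 next to its fix, as an added example that is not part of the original page. `FieldDemo`, `MyClassFixed`, `OtherClass` and `isError` are hypothetical names introduced for illustration; only `MyClass` and `ERROR_CODE` come from the page.

```java
// Added illustration. Only MyClass and ERROR_CODE come from the page;
// every other name here is hypothetical.
public class FieldDemo {

    // As in Example 1: public and static, but not final.
    static class MyClass {
        public static int ERROR_CODE = 100;

        // Code that assumes ERROR_CODE never changes.
        static boolean isError(int status) {
            return status == ERROR_CODE;
        }
    }

    // Corrected form: final makes the field a true constant.
    static class MyClassFixed {
        public static final int ERROR_CODE = 100;

        static boolean isError(int status) {
            return status == ERROR_CODE;
        }
    }

    // Stands in for any other class loaded into the same JVM.
    static class OtherClass {
        static void run() {
            // Accepted by the compiler because the field is not final.
            MyClass.ERROR_CODE = 0;
            // The same write against the corrected class is rejected at
            // compile time ("cannot assign a value to final variable"):
            // MyClassFixed.ERROR_CODE = 0;
        }
    }

    public static void main(String[] args) {
        System.out.println("before write: " + MyClass.isError(100));
        OtherClass.run();
        // MyClass now compares against the overwritten value, so a status
        // of 100 is no longer recognized as the error code.
        System.out.println("after write:  " + MyClass.isError(100));
        System.out.println("fixed class:  " + MyClassFixed.isError(100));
    }
}
```

Declaring the field `final` protects primitives and immutable values such as `String`; a `public static final` array or collection still exposes its contents to modification and needs to be kept private or wrapped as unmodifiable.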
[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 493
[2] Sun Microsystems, Inc. Secure Coding Guidelines for the Java Programming Language, version 2.0