> If you declare state members as private, the bytecode gets hacked around
> during compilation to enable package level access so that the inner
> class can access the private members it is referencing. If you use
> reflection you can access methods and members that you figured were
> private at design time.
Is that all? A friend of mine hacks the JVM all the time. Maybe I've just
gotten jaded, but the JVM just isn't secure enough that way to worry about
it.
For example:

victim.java:

    public class victim
    {
        public String mc = "Can't touch this.";
    }

attacker.java:

    public class attacker
    {
        public static void main(String[] args)
        {
            System.out.println((new victim()).mc);
        }
    }

Compile both. Change victim so that mc is private. Recompile victim only.
Run attacker. And this doesn't even include all of the fun I can have with
dynamically generated bytecodes. :-)
If you want to even try to have security in Java, you have to really use the
security manager, which would allow you to suppress reflection, and you have
a raft of other restrictions. See the
http://java.sun.com/blueprints/qanda/ejb_tier/restrictions.html for more
that you may want to know (but then again, since it refers to EJB
Containers, perhaps you do :-)).
--- Noel
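
The security manager point from the message above, as an added example that is not part of the original post: a manager that denies ReflectPermission("suppressAccessChecks") makes setAccessible(true) on a private field fail. The names ReflectionGuardDemo, Victim and NoReflectionManager are hypothetical, and the code assumes a JDK where a SecurityManager can still be installed (17 or earlier; 18 to 23 need -Djava.security.manager=allow).

```java
import java.lang.reflect.Field;
import java.lang.reflect.ReflectPermission;
import java.security.Permission;

// Constructed stand-in for the thread's victim class, with the field private.
class Victim {
    private String mc = "Can't touch this.";
}

// Hypothetical minimal manager: denies only the permission that
// setAccessible(true) requires and allows everything else.
class NoReflectionManager extends SecurityManager {
    @Override
    public void checkPermission(Permission perm) {
        if (perm instanceof ReflectPermission
                && "suppressAccessChecks".equals(perm.getName())) {
            throw new SecurityException("reflection on private members denied");
        }
    }
}

public class ReflectionGuardDemo {
    // Tries to read Victim.mc reflectively and reports what happened.
    static String readPrivate() {
        try {
            Field f = Victim.class.getDeclaredField("mc");
            f.setAccessible(true); // triggers the ReflectPermission check
            return "read: " + f.get(new Victim());
        } catch (SecurityException e) {
            return "blocked: " + e.getMessage();
        } catch (ReflectiveOperationException e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) {
        // No manager installed: the private field is readable.
        System.out.println("without manager -> " + readPrivate());
        // Manager installed: setAccessible throws SecurityException.
        System.setSecurityManager(new NoReflectionManager());
        System.out.println("with manager    -> " + readPrivate());
    }
}
```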