+1. We've faced many security issues due to this exposure of internal packages. One such good example is: never expose your BundleActivator. It might be keeping references to your BundleContext, and the BundleContext should never be shared with any other bundle.

Sameera

On Fri, Aug 6, 2010 at 8:53 AM, Afkham Azeez <[email protected]> wrote:

> Folks,
> We haven't been paying proper attention to bundle internal vs. external
> classes. This is evident by the fact that most of our internal packages
> contain only a few classes. Most of the classes are related to the bundle's
> internal implementation and hence should not be exposed to outside bundles.
> In the future, please make it a point to place your bundle private classes
> within subpackages of the internal subpackage as shown in the example
> below.
>
> e.g. org.wso2.stratos.permission.update.internal.task.PermissionUpdaterTask
>
> If you look at most of our components, you will notice that a significant
> number of them should have only an internal package. Please follow this when
> developing bundles in the future & also feel free to fix this in existing
> bundles.
>
> Thanks
> --
> Afkham Azeez
> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
> Lean . Enterprise . Middleware
> Member; Apache Software Foundation; http://www.apache.org/
> email: [email protected] cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>

--
Sameera Jayasoma
Technical Lead
WSO2, Inc. (http://wso2.com)
email: [email protected]
blog: http://tech.jayasoma.org
Lean . Enterprise . Middleware
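
The two rules raised in this thread (keep `internal` packages out of `Export-Package`, and never export the package holding the `Bundle-Activator`) can be checked against a built bundle's `MANIFEST.MF`. The following is an added example, not part of the original thread or of WSO2's code; the `Activator` class name, the `.api` package and both sample manifests are constructed for illustration.

```python
import re

def parse_manifest(text):
    """Parse MANIFEST.MF headers, joining continuation lines (leading space)."""
    headers, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:
            headers[last] += line[1:]          # wrapped line: append as-is
        elif ":" in line:
            last, value = line.split(":", 1)
            headers[last] = value.strip()
    return headers

def exported_packages(header):
    """Package names in an Export-Package value, ignoring attributes/directives."""
    # Split on commas that are outside double quotes (uses:="a,b" stays whole).
    clauses = re.split(r',(?=(?:[^"]*"[^"]*")*[^"]*$)', header)
    names = []
    for clause in clauses:
        for part in clause.split(";"):
            part = part.strip()
            if part and "=" not in part:       # parameters contain '=' or ':='
                names.append(part)
    return names

def audit(manifest_text):
    """Return findings for exported internal packages and exported activator package."""
    h = parse_manifest(manifest_text)
    exported = exported_packages(h.get("Export-Package", ""))
    findings = [f"internal package exported: {p}"
                for p in exported if "internal" in p.split(".")]
    activator = h.get("Bundle-Activator", "")
    activator_pkg = activator.rpartition(".")[0]
    if activator and activator_pkg in exported:
        findings.append(f"Bundle-Activator package exported: {activator_pkg}")
    return findings

# Constructed sample: exports an internal package and the activator's package.
BAD = "\n".join([
    "Bundle-SymbolicName: org.wso2.stratos.permission.update",
    "Bundle-Activator: org.wso2.stratos.permission.update.Activator",
    'Export-Package: org.wso2.stratos.permission.update;version="1.0.0",',
    ' org.wso2.stratos.permission.update.internal.task;uses:="org.osgi.fram',
    ' ework,org.osgi.service.component"',
])
# Constructed sample: activator lives under internal, only an API package is exported.
GOOD = "\n".join([
    "Bundle-Activator: org.wso2.stratos.permission.update.internal.Activator",
    'Export-Package: org.wso2.stratos.permission.update.api;version="1.0.0"',
])

if __name__ == "__main__":
    for name, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit(text))
```

Run against each bundle's manifest in CI, a non-empty result can fail the build before an internal package becomes part of another bundle's import surface.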
