>>>>> "Ingo" == Ingo Prötel <[EMAIL PROTECTED]> writes:

Ingo> would like to propose a modification to Tom's fix. It looks to me as if
Ingo> all fields of a deserialized object are accessible as well as the
Ingo> private readObject-Method. Or does the VM reset the Accessible flag?

No, nothing resets the flag.

I assume you are doing this because your Class implementation caches
the Field and Method objects.  I don't think that is valid.  If we
call setAccessible on a Method, then even if we reset it we are
opening up a window where other unprivileged code could access that
Method.  This can only happen in the serialization code if Class
returns the same Method or Field object to other callers.

Tom
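
The difference described in the reply above, as an added example that is not part of the original message or of Classpath: `Target`, `readHook` and `cachedLookup` are constructed stand-ins. The first half assumes a runtime (such as OpenJDK) whose `Class.getDeclaredMethod` hands each caller a fresh `Method` copy.

```java
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;

// Constructed stand-in for a class with a private readObject-style hook.
class Target {
    private String readHook() { return "private state"; }
}

public class AccessibleFlagDemo {
    // Hypothetical caching lookup: every caller receives the same Method object.
    private static final Map<String, Method> CACHE = new HashMap<>();

    static Method cachedLookup(String name) throws NoSuchMethodException {
        Method m = CACHE.get(name);
        if (m == null) {
            m = Target.class.getDeclaredMethod(name);
            CACHE.put(name, m);
        }
        return m;
    }

    // Invoke without touching the flag, as code that never called setAccessible would.
    static String tryInvoke(Method m) throws Exception {
        try {
            return (String) m.invoke(new Target());
        } catch (IllegalAccessException e) {
            return "IllegalAccessException";
        }
    }

    public static void main(String[] args) throws Exception {
        // Fresh copy per lookup: the flag set on one copy is invisible on the other.
        Method serializer = Target.class.getDeclaredMethod("readHook");
        Method other = Target.class.getDeclaredMethod("readHook");
        serializer.setAccessible(true);
        System.out.println("copies, same object: " + (serializer == other));
        System.out.println("copies, other caller: " + tryInvoke(other));

        // Shared cached object: the flag set by one caller is live for every caller
        // until it is reset, which is the window described in the reply.
        Method shared = cachedLookup("readHook");
        shared.setAccessible(true);
        System.out.println("cached, other caller: " + tryInvoke(cachedLookup("readHook")));
        shared.setAccessible(false);
        System.out.println("cached, after reset: " + tryInvoke(cachedLookup("readHook")));
    }
}
```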

