> No problem. I'll try to cook up a proposal this week and hopefully you > can review it to see if it helps you or not.
Sure. > > Isn't that test in reflection only? > > No, it's in the (system) class loader (or it is supposed to be, > Classpath doesn't yet have it). Try this on the Sun JVM: Hmmm. While I can see what SecurityManager.checkPackageAccess is supposed to do, the ClassLoader.loadClass documentation makes no mention of this security check, consequently I can't tell if the security check occurs before or after checking if the class is already loaded or can be loaded by a parent. Further, as loadClass is not final, and as the class to be loaded is actually loaded by a parent loader (ie the bootstrap loader) it would be trivial to avoid any security check defined in the loadClass method itself. The only way this check could work reliably is if the VM itself performs the check. But it seems to me that this is a very underspecified part of the security architecture - other than when invoked via the reflection method. Curiously I've been unable to find any information as to when checkPackageAccess should actually be invoked! David _______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/classpath
