On 08/01/2015 10:57 AM, Andrew Haley wrote: > However, the security problems are great. I haven't heard any > suggestion about how to expose this feature to user-created libraries > without breaking Java security, and I suspect there may be none.
Are the problems greater than those of general reflection after setAccessible(true)? I don't think so. I think the main objection would be philosophical (against adding yet more trapdoors). I respect that—but at the same time, there does not seem to be a core technical requirement why a suitable API with a proper permission check could not be added to the JDK. -- Florian Weimer / Red Hat Product Security
