[...] > > Meanwhile, Mandy Chung has kindly offered to look into the security > considerations that are at play and come up with a less restrictive > policy which enforces the security needs more accurately. At that point > I will probably remove the fallback -- in part because I hope that by > then both reflection and method handles will employ a common blacklist > of inaccessible methods. I think it would make sense for them both to > offer equivalent access and for that access to take security seriously.
I've seen this kind of fallback in different language runtimes, mine included, having a "less blunt" checks would be great. > > regards, > > > Andrew Dinn RĂ©mi
