On Tue, 2004-05-18 at 06:53, Jared W. Robinson wrote: > Does anyone know the security ramifications of using Aspect Oriented > Programming such as AspectJ? (http://eclipse.org/aspectj/) > Seems like it might make code injection and behavior modification > easier, but it doesn't, by itself, make it easier to inject hostile code > remotely as with SQL injection or buffer overflows.
AspjectJ is a compile-time AOP language. Why would it make injecting code at run-time easier? AOSD is actually considered to improve security when designing and implementing an application, because security is generally a crosscutting concern. The PHD thesis of Bart De Win, Engineering Application-level Security through Aspect-Oriented Software Development http://www.cs.kuleuven.ac.be/cwis/research/distrinet/resources/publications/41140.pdf' covers the use of AOSD for security extensively. There's many more "AOSD and security" related publications listed on his website: http://www.cs.kuleuven.ac.be/cwis/research/distrinet/public/showperson.php?ID=3D25 - YY
