Jim Halfpenny on the Webappsec list has discovered that BEA's JRockit
JDK _does_ use verification by default, his complete post quoted below
(the test was to access private methods on a class):
Hi,
BEA JRockit verifies by default and as far as I am aware does not offer a
-noverify option.
$ java -cp . verifytest2.Main
java.lang.IllegalAccessError: getName
at verifytest2/Main.<init>()V(Main.java:???)
at verifytest2/Main.main([Ljava/lang/String;)V(Main.java:12)
Tested with JRockit 1.4.2_08.
Regards,
Jim Halfpenny
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
