At 09:19 AM 12/17/99 -0500, you wrote:
>----- Original Message -----
>From: Jeff Prickett <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, December 15, 1999 11:28 AM
>Subject: Accessing private member data in JDK1.2
>
>
>>
>> Scott,
>>
>> I found this link on Sun's Java Developer forum about exactly the
>> thing we were talking about accessing private member data.
>>
>> http://forum.java.sun.com/forum?[EMAIL PROTECTED]^[email protected]/0
>>
+1 for this options on the Java 2 platform. I did some more research
into this. Check the 1.2 docs for java.lang.reflect.Accessible. It states
explicitly that this type of functionality was added for serialization and
other object persistence layers. The great thing about this is that if we
write the security manager correctly we can limit the the time spent with
our data exposed to only the bare minimum we need to get or set it.
+1 for making this code available as a patch onto the first version of OPal
for JDK1.2 users. IMHO This is some really beneficial stuff for what we are
doing.
>> It is a JDK1.2 specific fix to the problem. Unfortunately, I am hosting on
>> a Linux platform with JDK1.1.7. I will be a real happy
>> many when we have a 1.2 or 1.3 port for Linux :(. Well, I am off
>> to check the 1.1.7 docs to see if there is anything similar in there.
>>
>>
>
>I'm not really sure how we should handle this issue yet. my work with
>PowerBuilder, as i have said before has given me some bad habits. in
>PowerBuilder you can declare class attribute to "Public Read" and
>"Private/Protected write". AFAIK, there is not an equivalent to this in
>java. AFAIK using reflection... if i'm not mistaken either John McNally or
>Brett McLaughlin has reservations about using it because of performance
>issues, but i'm not sure i agree. On the topic of serializing, IMOP this
>gets a -1 for a number of reasons... performance, concurrency, etc...
>
-1 for security on serialization. Performance most likely will be horrible.
>i have been kickin' around the idea of just making it understood that any
>descendant classes of PersistenceObject must conform to the JavaBean spec.
>so that if there is an object attribute that needs to be persistent, say
>like employeeId, there must be a corresponding method name setEmployeeId(int
>idArg). What do you think???
>
+1 on bean type conventions for JDK117. AFAIK There really is no way to
disable
permission checks on JDK117. After looking at the options, using a bean type
convention and reflection classes to call the getters/setters works for me.
Although I think we should abandon this approach as soon as we abandon the
JDK117 platform. See the caveat...
Caveat
-1 on security for that too.
Anybody can get or set your data.
-1 maintainability
Anyone can set your data. The great thing about having permissions is you
can limit where bugs creep in. Private access - we know the bug is somewhere
in this class. Protected we know it is in this class or a subclass.
Package etc...
I think the reason why that this exposure works in Beans is because beans
(feel
free to correct me if I am wrong. I dont know much about the details of beans)
are used primarily for java controls. The main function of a control is to
gather and disseminate information. Our business logic which will inherit from
Persistent object is the main place where all that data is going. The primary
goal of our business logic is to keep all our business data organized and
correct. Limiting access to who manipulates it can help us protect that data.
I would be willing to write all code for this over the weekend, both for
JDK117 and Java 1.2. I will write the code to collect the data over the
weekend. We will probably need further discussion on tying this code back
into the class maps and then into actual SQL. Anyway, I am off to implement
this in the code. Look for the diffs sometime this weekend.
>-scott-
>
>
>
>
>------------------------------------------------------------
>To subscribe: [EMAIL PROTECTED]
>To unsubscribe: [EMAIL PROTECTED]
>Problems?: [EMAIL PROTECTED]
>
>
Whoever loves money never has money enough;| Jeff Prickett
whoever loves wealth is never | J2 Solutions
satsified with his income. | [EMAIL PROTECTED]
This too is meaningless. | PH: 302-945-5520
Ecclesiastes 5:10 | Fax: 302-945-5216
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
