|
midrange.com
> From: MarkB@xxxxxxxxxx
>
> Any good OO language allows at least some level of "meta" programming.
> In Java its reflection:
>
> void showFields(Object o)
> {
> Field[] fields = o.getClass().getFields();
> Sorry, minor error.
> You'd have to use getDeclaredFields()
Correct. getFields does not allow access to private fields. And even with
getDeclaredFields, you have to use the setAccessible line:
field.setAccessible(true);
Which, according to the documentation is a dangerous thing:
"Setting the accessible flag in a reflected object permits sophisticated
applications with sufficient privilege, such as Java Object Serialization or
other persistence mechanisms, to manipulate objects in a manner that would
normally be prohibited."
And even though you can get around it with this rather tortuous and
dangerous workaround, I can still prevent it by simply implementing a
SecurityManager that disallows access check suppression:
import java.security.*;
public class MySecurity extends SecurityManager {
public void checkPermission(Permission p) {
if (p.getName().equals("suppressAccessChecks"))
throw new SecurityException("Access check suppression
disallowed");
}
}
Then, in my system initialization, I just do:
System.setSecurityManager(new MySecurity());
And your reflection trick is thwarted.
Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
