Yoav Shapira wrote:
Hi,
On 11/15/06, Remy Maucherat <[EMAIL PROTECTED]> wrote:
> Because these are internal implementations, if the user is whack
> enough to try and access the real object behind the facade, I'd say
> they're at their own risk.

I disagree: if the security manager is there, then there should be no
way to get the internal object.
You know what, on second reading I tend to agree with you.  Users who
are security-conscious enough to enable their security manager are
going to care about this.  Can we do extra checking then, to prevent
access to the internal objects, without compromising performance?

Won't the fact that the internal objects behind the facade live in
separate packages be sufficient for the security manager to
automatically deny access to them?
The problem is that the users are trying to introspect a concrete 
implementation class, which I think isn't right since only the public 
API should be visible to the application. If they were introspecting the 
public interface and it was not working, then I would agree to fixing 
this. Their code can be modified to be smarter about what they're 
introspecting, I think.
Introspection will allow direct access to the field (even if it's 
private/protected), which is the main issue. In that case, there's a 
permission check. So this would need some thought, and is a bit more 
complicated than simply "change the package" (overall, I still think 
it's not legitimate, though).
Rémy

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to